Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/spring/11.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Java 如何在Spring@ExceptionHandler中捕获自定义注释?_Java_Spring_Spring Boot_Spring Security - Fatal编程技术网
Fatal编程技术网
  • java/
  • Java 如何在Spring@ExceptionHandler中捕获自定义注释?

Java 如何在Spring@ExceptionHandler中捕获自定义注释?

java spring spring-boot spring-security

Java 如何在Spring@ExceptionHandler中捕获自定义注释?,java,spring,spring-boot,spring-security,Java,Spring,Spring Boot,Spring Security,我有这样一个自定义注释: @Retention(RetentionPolicy.RUNTIME) @Inherited @Documented @PreAuthorize(AllowedForSystemUsers.condition) public @interface AllowedForSystemUsers { String condition = "hasAnyRole({'ROLE_ADMIN', 'ROLE_USER'})"; } @RequestMapping(valu

我有这样一个自定义注释:

@Retention(RetentionPolicy.RUNTIME)
@Inherited
@Documented
@PreAuthorize(AllowedForSystemUsers.condition)
public @interface AllowedForSystemUsers {
    String condition = "hasAnyRole({'ROLE_ADMIN', 'ROLE_USER'})";
}

@RequestMapping(value="/search", method=RequestMethod.POST)
@AllowedForSystemUsers
public String searchRooms(@ModelAttribute Booking booking, Model model, long type) {

    //do something
}

@ExceptionHandler(value = AccessDeniedException.class)
public ModelAndView accessDenied(HttpServletRequest request, HttpServletResponse response, AccessDeniedException e) {

    return new ModelAndView("redirect:/error");
}
我将注释放在我的
控制器
方法中,如下所示:


@Retention(RetentionPolicy.RUNTIME)
@Inherited
@Documented
@PreAuthorize(AllowedForSystemUsers.condition)
public @interface AllowedForSystemUsers {
    String condition = "hasAnyRole({'ROLE_ADMIN', 'ROLE_USER'})";
}



@RequestMapping(value="/search", method=RequestMethod.POST)
@AllowedForSystemUsers
public String searchRooms(@ModelAttribute Booking booking, Model model, long type) {

    //do something
}



@ExceptionHandler(value = AccessDeniedException.class)
public ModelAndView accessDenied(HttpServletRequest request, HttpServletResponse response, AccessDeniedException e) {

    return new ModelAndView("redirect:/error");
}


我的
ExceptionHandler
如下所示:


@Retention(RetentionPolicy.RUNTIME)
@Inherited
@Documented
@PreAuthorize(AllowedForSystemUsers.condition)
public @interface AllowedForSystemUsers {
    String condition = "hasAnyRole({'ROLE_ADMIN', 'ROLE_USER'})";
}



@RequestMapping(value="/search", method=RequestMethod.POST)
@AllowedForSystemUsers
public String searchRooms(@ModelAttribute Booking booking, Model model, long type) {

    //do something
}



@ExceptionHandler(value = AccessDeniedException.class)
public ModelAndView accessDenied(HttpServletRequest request, HttpServletResponse response, AccessDeniedException e) {

    return new ModelAndView("redirect:/error");
}


因此,当用户没有身份验证为
ROLE\u ADMIN
ROLE\u user
时,会发生
AccessDeniedException
,代码运行到
accessDenied()
方法中

我的问题是如何知道
@AllowedForSystemUsers
注释是否触发此
AccessDeniedException
?因为其他代码也可能触发
AccessDeniedException


谢谢
 系统不应向用户提供任何提示,说明用户未获得授权的原因。他根本没有被授权。这是一个安全问题。此外,非管理员的用户根本不能在前端调用任何管理操作。这是一个可用性问题

您需要以下内容(下次在问题中包括上下文信息):

我想让用户看到预订按钮,并能够搜索可用的房间
即使他没有登录,但当他想预订房间时,他会得到按摩
喜欢请登录第一条消息


这绝对没有问题。如果当前未登录的用户正在按
Book
按钮,我必须假设服务器将以。在前端,您只需对该响应状态代码做出反应,向用户显示信息,即他显然没有登录或您想做的任何事情。绝对没有必要,服务器需要告诉您他为什么用
401
响应,您需要在控制器中抛出异常。为了执行全局异常处理程序,您需要将异常从其他地方抛出。您可以考虑生成<代码> > Access DeNeXeXECUTS/<代码>的子类,并在<代码> @ PaseDeFordStaseSuths< /代码>中抛出它。processing@SungJinSteveYoo例如?@AtaurRahmanMunna那么你的意思是我不能使用Spring安全默认设置
AccessDeniedException
?为什么不使用内置@PreAuthorize,请参阅