Java spring中的华夫格自定义错误页
我使用的是华夫饼干1.7+Spring4+SpringSecurity 3.2+thymeleaf。我的问题是,当回退表单日志记录失败时,我无法提供自定义错误页面。这是我的配置:Java spring中的华夫格自定义错误页,java,spring,spring-security,waffle,Java,Spring,Spring Security,Waffle,我使用的是华夫饼干1.7+Spring4+SpringSecurity 3.2+thymeleaf。我的问题是,当回退表单日志记录失败时,我无法提供自定义错误页面。这是我的配置: @凌驾 受保护的无效配置(HttpSecurity http)引发异常{ http.authorizeRequests() .antMatchers(“/**”) .authenticated() .及() .例外处理() .authenticationEntryPoint(negotiateSecurityFilte
@凌驾
受保护的无效配置(HttpSecurity http)引发异常{
http.authorizeRequests()
.antMatchers(“/**”)
.authenticated()
.及()
.例外处理()
.authenticationEntryPoint(negotiateSecurityFilterEntryPoint())
.accessDeniedPage(“/access denied”)
.及()
.addFilterBefore(waffleNegotiateSecurityFilter(),
BasicAuthenticationFilter.class);
}
当用户在关闭SNPENGO的情况下使用浏览器并输入错误的凭据时,将显示默认的system 500页面,其中包含以下信息:
com.sun.jna.platform.win32.win32异常:登录尝试失败。waffle.windows.auth.impl.WindowsAuthProviderImpl.acceptSecurityToken(WindowsAuthProviderImpl.java:134)
waffle.servlet.spi.NegotiateSecurityFilterProvider.doFilter(NegotiateSecurityFilterProvider.java:103)waffle.servlet.spi.SecurityFilterProviderCollection.doFilter(SecurityFilterProviderCollection.java:130)
...
如何提供我的自定义页面(access-denied.html thymeleaf模板)?到目前为止,我已经尝试了所有的方法,但没有成功。在深入研究Spring文档并跟踪华夫饼干的实际用途之后,我已经能够用以下“丑陋”的方式解决它。1.禁用/访问被拒绝页面的安全性以防止无休止的重定向循环2。包装华夫格过滤器以捕获所有异常并重定向它 有谁有更好的解决办法吗
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/access-denied")
.permitAll()
.and()
.authorizeRequests()
.antMatchers("/**")
.authenticated()
.and()
.exceptionHandling()
.authenticationEntryPoint(negotiateSecurityFilterEntryPoint())
.accessDeniedPage("/access-denied")
.and()
.addFilterBefore(waffleNegotiateSecurityFilter(),
BasicAuthenticationFilter.class);
}
public class WaffleWrapperSecurityBean extends GenericFilterBean {
@NotNull
private final GenericFilterBean wrappedFilter;
public WaffleWrapperSecurityBean(GenericFilterBean filter) {
wrappedFilter = filter;
}
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
try {
wrappedFilter.doFilter(request, response, chain);
} catch (Exception e) {
((HttpServletResponse) response)
.sendRedirect("access-denied?message="
+ e.getLocalizedMessage());
}
}
@Override
public void destroy() {
wrappedFilter.destroy();
}
}
// controller code ommited
您是否可以尝试创建并设置AuthenticationFailureHandler
DelegatingNegotiateSecurityFilter
bean配置示例:
<bean id="waffleNegotiateSecurityFilter"
class="waffle.spring.DelegatingNegotiateSecurityFilter"
>
<property name="allowGuestLogin" value="false" />
<property name="Provider" ref="waffleSecurityFilterProviderCollection" />
<property name="authenticationManager" ref="authenticationManager" />
<property name="authenticationSuccessHandler" ref="authenticationSuccessHandler" />
<property name="authenticationFailureHandler" ref="authenticationFailureHandler" />
<property name="accessDeniedHandler" ref="accessDeniedHandler" />
<property name="defaultGrantedAuthority">
<null />
</property>
</bean>
允许服务提供商授权委托人AuthenticationManager
允许服务提供商进一步填充authenticationSuccessHandler
对象Authentication
- 如果AuthenticationManager引发
,则调用AuthenticationException
AuthenticationFailureHandler
- 如果AuthenticationManager抛出
,则调用AccessDeniedException
AccessDeniedHandler