Java 如何保护转发URL
有没有办法保护转发URL 明确地说,我有一个错误处理程序:Java 如何保护转发URL,java,spring,spring-mvc,spring-security,Java,Spring,Spring Mvc,Spring Security,有没有办法保护转发URL 明确地说,我有一个错误处理程序: @Component public class MyAuthenticationFailureHandler implements AuthenticationFailureHandler { @Override public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse
@Component
public class MyAuthenticationFailureHandler implements
AuthenticationFailureHandler {
@Override
public void onAuthenticationFailure(HttpServletRequest request,
HttpServletResponse response, AuthenticationException exception)
throws IOException, ServletException {
if (exception.getClass().isAssignableFrom(
MyException.class)) {
MyException myException = (MyException) exception;
RequestDispatcher dispatcher = request.getRequestDispatcher("/signup/exception");
request.setAttribute("userID", myException.getUserID());
dispatcher.forward(request, response);
}
}
}
和网络控制器:
@Controller
@RequestMapping("/signup")
public class SignupController {
@RequestMapping("/exception")
public ModelAndView signup() {
ModelAndView model = new ModelAndView(new InternalResourceView("/WEB-INF/jsp/signup.jsp", true));
return model;
}
}
我希望路由http://{hostname:port}/signup/exception
只能从我自己的处理程序作为转发来访问,而不能直接访问(通过在浏览器栏上写入URL和参数)。添加如下属性
request.setAttribute("isForwarded","True")
在处理程序中,并在控制器中检查该属性
如果是,请继续重定向到相应的页面。我没有测试它,但我知道servlet容器拒绝响应与WEB-INF相关的请求,但您可以转发到WEB-INF下的jsp servlet。您可以尝试使用类似/WEB-INF/signup/exception的url吗 或者,我认为您正在使用Spring Security。我不认为安全过滤器适用于转发的请求。是什么提供了以下截取url
<intercept-url pattern="/signup/exception" access="denyAll" />