用于拒绝访问处理程序的spring security 404
我正在尝试将我的spring mvc webapp设置为使用spring拒绝访问处理程序,但无法让它捕获错误。使用我的配置,看起来spring正向拒绝访问的处理程序前进,但由于某种原因,当我的拒绝访问处理程序被执行时,我得到一个404未找到。HTTP状态404-/accessDenied用于拒绝访问处理程序的spring security 404,spring,spring-security,Spring,Spring Security,我正在尝试将我的spring mvc webapp设置为使用spring拒绝访问处理程序,但无法让它捕获错误。使用我的配置,看起来spring正向拒绝访问的处理程序前进,但由于某种原因,当我的拒绝访问处理程序被执行时,我得到一个404未找到。HTTP状态404-/accessDenied <!-- Resources --> <intercept-url pattern="/resources/css/*" access="IS_AUTHENTICATED_ANONYMOUSL
<!-- Resources -->
<intercept-url pattern="/resources/css/*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/resources/images/*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/resources/js/*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<!-- Pages -->
<intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/accessDenied" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/welcome" access="ROLE_LEVEL7" />
<intercept-url pattern="/priceOverride" access="ROLE_LEVEL7" />
<!-- Error handlers -->
<access-denied-handler ref="accessDeniedHandler" />
有人能帮我找出这里可能出了什么问题吗?我确实有一个名为accessDenied.jsp的jsp
<!-- Resources -->
<intercept-url pattern="/resources/css/*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/resources/images/*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/resources/js/*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<!-- Pages -->
<intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/accessDenied" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/welcome" access="ROLE_LEVEL7" />
<intercept-url pattern="/priceOverride" access="ROLE_LEVEL7" />
<!-- Error handlers -->
<access-denied-handler ref="accessDeniedHandler" />
<!-- Resources -->
<intercept-url pattern="/resources/css/*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/resources/images/*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/resources/js/*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<!-- Pages -->
<intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/accessDenied" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/welcome" access="ROLE_LEVEL7" />
<intercept-url pattern="/priceOverride" access="ROLE_LEVEL7" />
<!-- Error handlers -->
<access-denied-handler ref="accessDeniedHandler" />
<!-- Resources -->
<intercept-url pattern="/resources/css/*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/resources/images/*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/resources/js/*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<!-- Pages -->
<intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/accessDenied" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/welcome" access="ROLE_LEVEL7" />
<intercept-url pattern="/priceOverride" access="ROLE_LEVEL7" />
<!-- Error handlers -->
<access-denied-handler ref="accessDeniedHandler" />
然后在我的mvc调度程序servlet中
<!-- Resources -->
<intercept-url pattern="/resources/css/*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/resources/images/*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/resources/js/*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<!-- Pages -->
<intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/accessDenied" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/welcome" access="ROLE_LEVEL7" />
<intercept-url pattern="/priceOverride" access="ROLE_LEVEL7" />
<!-- Error handlers -->
<access-denied-handler ref="accessDeniedHandler" />
<context:component-scan base-package="com.company.reporting.controller" />
<bean id="accessDeniedHandler"
class="com.company.reporting.handler.ReportingAccessDeniedHandler">
<property name="accessDeniedUrl" value="/accessDenied" />
</bean>
<bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix">
<value>/WEB-INF/pages/</value>
</property>
<property name="suffix">
<value>.jsp</value>
</property>
</bean>
<mvc:resources mapping="/resources/**" location="/resources/" />
<mvc:annotation-driven />
/WEB-INF/pages/
.jsp
<!-- Resources -->
<intercept-url pattern="/resources/css/*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/resources/images/*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/resources/js/*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<!-- Pages -->
<intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/accessDenied" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/welcome" access="ROLE_LEVEL7" />
<intercept-url pattern="/priceOverride" access="ROLE_LEVEL7" />
<!-- Error handlers -->
<access-denied-handler ref="accessDeniedHandler" />
谢谢创建accessDeniedHandler bean是不够的。这个bean只会将您的请求重定向到/accessDenied URL。还应使用以下代码创建AccessDeniedController(或将其命名为smth):
<!-- Resources -->
<intercept-url pattern="/resources/css/*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/resources/images/*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/resources/js/*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<!-- Pages -->
<intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/accessDenied" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/welcome" access="ROLE_LEVEL7" />
<intercept-url pattern="/priceOverride" access="ROLE_LEVEL7" />
<!-- Error handlers -->
<access-denied-handler ref="accessDeniedHandler" />
@Controller
public class AccessDeniedController {
@RequestMapping(value = "/accessDenied")
public String handleAccessDenied(){
return "accessDenied";
}
}
并将其放入“com.company.reporting.controller”包。我决定不需要覆盖默认的拒绝访问处理程序。因此,我所做的不是实现一个处理程序,而是将它添加到我的安全配置中
<!-- Resources -->
<intercept-url pattern="/resources/css/*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/resources/images/*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/resources/js/*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<!-- Pages -->
<intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/accessDenied" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/welcome" access="ROLE_LEVEL7" />
<intercept-url pattern="/priceOverride" access="ROLE_LEVEL7" />
<!-- Error handlers -->
<access-denied-handler ref="accessDeniedHandler" />
<access-denied-handler error-page="/accessDenied.htm"/>