通过Java代码配置的具有Spring Security的自定义403错误页面
有谁知道如何在Spring
Security中配置自定义的403页面?在网络上浏览时,我得到的所有结果都与XML配置有关,而我正在使用Java配置。那就是我的SecurityConfig:
@Configuration@ComponentScan(value="com")
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return new CustomAuthenticationManager();
}
protected void configure(HttpSecurity http) throws Exception {
http
.csrf()
.disable()
.authorizeRequests()
.antMatchers("/resources/**", "/publico/**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/acesso/login").permitAll()
.loginProcessingUrl("/login").permitAll()
.usernameParameter("login")
.passwordParameter("senha")
.successHandler(new CustomAuthenticationSuccessHandler())
.failureHandler(new CustomAuthenticationFailureHandler())
.and()
.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/acesso/login").permitAll();
}
}
我也有一个AccessDeniedHandler的自定义实现:
public class CustomAccessDeniedHandler implements AccessDeniedHandler { @Override
public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException arg2) throws IOException, ServletException {
response.sendRedirect(request.getContextPath() + "/erro/no_permit");
}
}
回答:
如果我是对的,则要个性化页面403,可以使用此服务器实现的模型。
Spring Security:定制403访问被拒绝页面
例:
AppConfig.java
@Overrideprotected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/resources/**", "/signup").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.exceptionHandling().accessDeniedPage("/403")
.and()
.logout().logoutUrl("/logout").logoutSuccessUrl("/")
.and()
.rememberMe()
.and()
.csrf().disable();
}
HomeController.java
@RequestMapping("/403")public String accessDenied() {
return "errors/403";
}
而.html将是带有某些消息403的自定义页面。
以上是 通过Java代码配置的具有Spring Security的自定义403错误页面 的全部内容, 来源链接: utcz.com/qa/426018.html
