如何在弹簧引导注释中处理403禁止的错误？

Question

我在处理403春季启动中禁止的问题时遇到问题。正如我通过扩展WebSecurityConfigurerAdapter来定制它的类所处理的那样。它将给出的输出禁止。它应该重定向到403网址，但它不工作。我是初学者，不知道它的错在哪里。

public class WebAppInitializer implements WebApplicationInitializer { 
    @Override 
    public void onStartup(ServletContext servletContext) 
      throws ServletException { 
     AnnotationConfigWebApplicationContext ctx = new AnnotationConfigWebApplicationContext(); 

     ctx.register(SecurityConfiguration.class); 
     ctx.setServletContext(servletContext); 
     //ctx.register(SecurityConfiguration.class); 
     DispatcherServlet dispatcherServlet = new DispatcherServlet(ctx); 
     dispatcherServlet.setThrowExceptionIfNoHandlerFound(true); 


     Dynamic dynamic = servletContext.addServlet("dispatcher", dispatcherServlet); 
     dynamic.addMapping("/data/*"); 

     dynamic.setLoadOnStartup(1); 
    } 
} 

和我的AppConfig类

package com.portal.spring.config; 

import org.springframework.context.annotation.ComponentScan; 
import org.springframework.context.annotation.Configuration; 
import org.springframework.web.servlet.config.annotation.EnableWebMvc; 
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter; 

@Configuration 
@ComponentScan("com.portal") 
@EnableWebMvc 
public class AppConfig extends WebMvcConfigurerAdapter { 
} 

和安全配置

package com.portal.spring.config; 
import java.util.logging.Logger; 
import org.springframework.context.annotation.Configuration; 
import org.springframework.security.config.annotation.web.builders.HttpSecurity; 
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; 
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; 

@Configuration 
@EnableWebSecurity 
public class SecurityConfiguration extends WebSecurityConfigurerAdapter { 
    private static final Logger log= Logger.getLogger(SecurityConfiguration.class.getName()); 

    @Override 
    protected void configure(HttpSecurity http) throws Exception { 
     http.exceptionHandling().accessDeniedHandler(new AccessDenyHandler()); 
     } 
} 

和accessdenyhandler

package com.portal.spring.config; 
import java.io.IOException; 
import javax.servlet.ServletException; 
import javax.servlet.http.HttpServletRequest; 
import javax.servlet.http.HttpServletResponse; 
import org.springframework.security.access.AccessDeniedException; 
import org.springframework.security.web.access.AccessDeniedHandler; 

public class AccessDenyHandler implements AccessDeniedHandler { 

    @Override 
    public void handle(HttpServletRequest request, HttpServletResponse response, 
      AccessDeniedException arg2) throws IOException, ServletException { 
     response.sendRedirect("//403"); 
    } 
} 

Answer 1

这里是我的存取遭拒处理程序。我明确地委托Spring AccessDeniedHandler实现，但我有一些CSRF相关的东西，我需要处理。下面的代码并不包含该部分，因为它是特定于应用程序的。其他代码像SecurityConfig类似于我已经使用的

public class MyAccessDeniedHandler implements AccessDeniedHandler { 

    private AccessDeniedHandlerImpl accessDeniedHandlerImpl = new AccessDeniedHandlerImpl(); 

    public void handle(HttpServletRequest request, HttpServletResponse response, 
      AccessDeniedException accessDeniedException) throws IOException, ServletException { 

     //Some CSRF related code 

     // Then call accessDeniedHandlerImpl.handle to handle request 
     accessDeniedHandlerImpl.handle(request, response, accessDeniedException); 
    } 

    /** 
    * The error page to use. Must begin with a "/" and is interpreted relative to the current context root. 
    * 
    * @param errorPage the dispatcher path to display 
    * 
    * @throws IllegalArgumentException if the argument doesn't comply with the above limitations 
    * @see AccessDeniedHandlerImpl#setErrorPage(String) 
    */ 
    public void setErrorPage(String errorPage) { 
     // You can set custom error page here 
     accessDeniedHandlerImpl.setErrorPage(errorPage); 
    } 
}