spring security http无权访问 页面跳转(求助)

本文探讨了Spring Security中配置访问拒绝页面的问题。作者尝试通过设置access-denied-page属性实现无权限访问时跳转到指定页面,但遇到了显示空白页的情况。文章提供了详细的配置代码示例。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

最近在做spring-security权限控制,http里配置intercept-url进行权限控制的时候,当用户无权访问该页面的时候显示空白页,我想跳转到指定页面,在网上找了一下都说是配置access-denied-page即可跳转到指定页面,可我按此方法还是显示空白页,那位大侠用过此框架的,希望站出来说两句。在此万分感谢。。。,代码如下: <?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans" xsi:schemalocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.2.xsd"><!-- FilterChainProxy会按顺序来调用这些filter,使这些filter能享用Spring Ioc的功能, CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON 定义url比较前先转为小写 PATTERN_TYPE_APACHE_ANT 定义使用Apache ant的匹配模式 --><bean id="springSecurityFilterChain" class="org.springframework.security.util.FilterChainProxy"><property name="filterInvocationDefinitionSource"><value></value></property></bean><!-- 异常处理filter(异常转换过滤器),主要是处理AccessDeniedException和AuthenticationException, 将给每个异常找到合适的"去向" --><bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter"><property name="accessDeniedHandler" ref="accessDeniedHandler"></property><property name="authenticationEntryPoint" ref="authenticationEntryPoint"></property></bean><!-- 处理AccessDeniedException --><bean id="accessDeniedHandler" class="org.springframework.security.ui.AccessDeniedHandlerImpl"><property name="errorPage" value="/403.jsp"></property></bean><bean id="authenticationEntryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint"><property name="loginFormUrl" value="/login.html"></property><property name="forceHttps" value="false"></property></bean><authentication-manager alias="authenticationManagerAlias"></authentication-manager><bean id="accessDecisionManager" class="com.shului.tuan.webapp.security.CustomAccessDecisionManager"><property name="allowIfAllAbstainDecisions" value="false"></property><property name="decisionVoters"><list><bean class="org.springframework.security.vote.RoleVoter"></bean><bean class="org.springframework.security.vote.AuthenticatedVoter"></bean></list></property></bean><bean id="authenticationProcessingFilter" class="com.shului.tuan.webapp.filter.CustomAuthenticationFilter"><custom-filter before="AUTHENTICATION_PROCESSING_FILTER"></custom-filter><property name="filterProcessesUrl" value="/j_spring_security_check"></property><property name="alwaysUseDefaultTargetUrl" value="true"></property><property name="defaultTargetUrl" value="/manage/admin/index.html"></property><property name="authenticationFailureUrl" value="/login.html?error=true"></property><property name="authenticationManager" ref="authenticationManagerAlias"></property></bean><bean id="authenticationProcessingFilterEntryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint"><property name="loginFormUrl" value="/403.jsp"></property><property name="forceHttps" value="false"></property></bean><!-- auto-config:包含<form-login />、<http-basic />、<logout />三项默认配置,如果自己配置则覆盖默认配置 access-denied-page:出错(eg没有权限)后跳转的页面,没有该属性,则抛出403错误-访问指定资源被禁止 access-decision-manager-ref="accessDecisionManager":当角色名前缀不是ROLE_时,需要自定义访问策略管理器 --><http auto-config="false" lowercase-comparisons="false" access-denied-page="/403.jsp" entry-point-ref="authenticationProcessingFilterEntryPoint"><intercept-url pattern="/admin/*.html*" access="ROLE_ADMIN,ROLE_ADMIN_YHGLY"></intercept-url><intercept-url pattern="/admin/**/*.html*" access="ROLE_ADMIN"></intercept-url><intercept-url pattern="/sales/*.html*" access="ROLE_SALES"></intercept-url><intercept-url pattern="/sales/**/*.html*" access="ROLE_SALES"></intercept-url><intercept-url pattern="/login.html*" access="ROLE_ANONYMOUS,ROLE_ADMIN_0,ROLE_SALES,ROLE_SUPPLIER,ROLE_USER"></intercept-url><form-login login-page="/login.html" default-target-url="/index.jsp" authentication-failure-url="/403.jsp"></form-login><logout logout-success-url="/login.html"></logout><remember-me user-service-ref="userDao" key="e37f4b31-0c45-11dd-bd0b-0800200c9a66"></remember-me><!-- --><anonymous></anonymous></http><authentication-provider user-service-ref="userDao"><password-encoder ref="passwordEncoder"></password-encoder></authentication-provider><!-- Override the default password-encoder (SHA) by uncommenting the following and changing the class --><!-- <bean id="passwordEncoder" class="org.springframework.security.providers.encoding.ShaPasswordEncoder"/> --><global-method-security jsr250-annotations="enabled" secured-annotations="enabled"><protect-pointcut expression="execution(* com.shului.tuan.service.UserManager.getDataCount(..))" access="ROLE_ADMIN,ROLE_ADMIN_0,ROLE_SALES"></protect-pointcut><protect-pointcut expression="execution(* *..service.UserManager.removeUser(..))" access="ROLE_ADMIN"></protect-pointcut></global-method-security></beans>
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值