Spring Security Tutorial (9) ---- Custom AccessDeniedHandler
2014-01-17 11:34
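Spring's default AccessDeniedHandler only handles page requests and has no handling for Ajax. Since Ajax is a technique we use all the time in project development, we can handle Ajax requests with a custom AccessDeniedHandler. A small modification of Spring's default AccessDeniedHandlerImpl is all it takes.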
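```java
import java.io.IOException;

import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.WebAttributes;
import org.springframework.security.web.access.AccessDeniedHandler;

// ControllerTools, Message and MessageManager are helper classes from the author's
// project; their packages are not shown in this article, so their imports are omitted.
public class DefaultAccessDeniedHandler implements AccessDeniedHandler {

    private String errorPage;

    //~ Methods ========================================================================================================

    /* (non-Javadoc)
     * @see org.springframework.security.web.access.AccessDeniedHandler#handle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, org.springframework.security.access.AccessDeniedException)
     */
    public void handle(HttpServletRequest request, HttpServletResponse response,
            AccessDeniedException accessDeniedException) throws IOException, ServletException {
        boolean isAjax = ControllerTools.isAjaxRequest(request);
        if (isAjax) {
            // Ajax request: wrap the exception in a Message and write it to the response.
            // No HTTP status is set in this branch, so unless ControllerTools.print sets
            // one, the Ajax response is sent with the default status (200).
            Message msg = MessageManager.exception(accessDeniedException);
            ControllerTools.print(response, msg);
        } else if (!response.isCommitted()) {
            if (errorPage != null) {
                // Put exception into request scope (perhaps of use to a view)
                request.setAttribute(WebAttributes.ACCESS_DENIED_403, accessDeniedException);

                // Set the 403 status code.
                response.setStatus(HttpServletResponse.SC_FORBIDDEN);

                // forward to error page.
                RequestDispatcher dispatcher = request.getRequestDispatcher(errorPage);
                dispatcher.forward(request, response);
            } else {
                response.sendError(HttpServletResponse.SC_FORBIDDEN, accessDeniedException.getMessage());
            }
        }
    }

    /**
     * The error page to use. Must begin with a "/" and is interpreted relative to the current context root.
     *
     * @param errorPage the dispatcher path to display
     *
     * @throws IllegalArgumentException if the argument doesn't comply with the above limitations
     */
    public void setErrorPage(String errorPage) {
        if ((errorPage != null) && !errorPage.startsWith("/")) {
            throw new IllegalArgumentException("errorPage must begin with '/'");
        }

        this.errorPage = errorPage;
    }
}
```

Here we write the exception information straight to the front end through a PrintWriter, and then handle it uniformly on the front end. For how to handle back-end messages uniformly on the front end, see my article /article/1379215.html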
Finally, configure it in the configuration file:
```xml
<sec:http auto-config="true" access-decision-manager-ref="accessDecisionManager">
    <sec:access-denied-handler ref="accessDeniedHandler"/>
    <sec:session-management invalid-session-url="/login.jsp" />
    <sec:intercept-url pattern="/app.jsp" access="AUTH_LOGIN"/>
    <sec:intercept-url pattern="/**" access="AUTH_GG_FBGBGG"/>
    <sec:form-login login-page="/login.jsp"
                    authentication-failure-url="/login.jsp"
                    default-target-url="/index.jsp"/>
</sec:http>

<!-- Custom access-denied handler.
     class must be the fully qualified name of your handler class
     (the class listed above is named DefaultAccessDeniedHandler). -->
<bean id="accessDeniedHandler" class="com.zrhis.system.security.RequestAccessDeniedHandler">
    <property name="errorPage" value="/WEB-INF/error/403.jsp"></property>
</bean>
```

I had planned to cover session-management earlier, but because I intend to treat it in depth I kept putting it off. Since it has come up today, here is its simplest configuration, the one shown above: invalid-session-url is the URL to redirect to when the session is invalid. I will cover this in depth later.
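For the Ajax branch of the handler above, the following added example (not the author's code) shows a variant that answers Ajax requests with an explicit 403 status and a fixed JSON body instead of the exception text, and delegates page requests to Spring's own AccessDeniedHandlerImpl. The class name AjaxAwareAccessDeniedHandler, the JSON field names and the X-Requested-With check are assumptions, since ControllerTools.isAjaxRequest is not shown in the article.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.access.AccessDeniedHandlerImpl;

// Added example (hypothetical class name); requires servlet-api and spring-security-web.
public class AjaxAwareAccessDeniedHandler implements AccessDeniedHandler {

    // Page requests keep Spring's stock behaviour (forward to errorPage or sendError 403).
    private final AccessDeniedHandlerImpl pageHandler = new AccessDeniedHandlerImpl();

    public void setErrorPage(String errorPage) {
        pageHandler.setErrorPage(errorPage); // same "/"-prefix validation as the default
    }

    // Assumption: the front end marks Ajax calls with X-Requested-With, as jQuery does.
    static boolean isAjax(HttpServletRequest request) {
        return "XMLHttpRequest".equalsIgnoreCase(request.getHeader("X-Requested-With"));
    }

    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response,
                       AccessDeniedException ex) throws IOException, ServletException {
        if (!isAjax(request)) {
            pageHandler.handle(request, response, ex);
            return;
        }
        if (response.isCommitted()) {
            return; // headers already sent: status and body can no longer be changed
        }
        // Explicit 403 so client-side error callbacks, proxies and access logs see a denial.
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        response.setContentType("application/json");
        response.setCharacterEncoding("UTF-8");
        response.setHeader("Cache-Control", "no-store");
        // Fixed message: the exception text is not echoed to the client.
        response.getWriter().write(
            "{\"success\":false,\"code\":403,\"message\":\"Access denied\"}");
        response.getWriter().flush();
    }
}
```

The X-Requested-With header is supplied by the client, so it only selects the response format here; the access decision has already been made before the handler runs.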