自定义AccessDeniedHandler
2017-06-04 20:38
在Spring默认的AccessDeniedHandler中只有对页面请求的处理,而没有对Ajax的处理。而在项目开发中Ajax又是我们常用的技术,所以我们可以通过自定义AccessDeniedHandler来处理Ajax请求。我们在Spring默认的AccessDeniedHandlerImpl上稍作修改就可以了。
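/**
 * Access-denied handler that answers Ajax requests with a message payload and ordinary page
 * requests with a forward to a 403 view (or a plain 403 error when no view is configured).
 *
 * <p>Adapted from Spring Security's {@code AccessDeniedHandlerImpl}; the Ajax branch is the
 * addition.
 */
public class DefaultAccessDeniedHandler implements AccessDeniedHandler {

    /** Dispatcher path of the 403 view; {@code null} means "answer with sendError instead". */
    private String errorPage;

    //~ Methods ========================================================================================================

    /**
     * Writes the access-denied response for the current request.
     *
     * @param request the request that was denied
     * @param response the response to write the denial to
     * @param accessDeniedException the exception that triggered this handler
     * @throws IOException if writing or forwarding the response fails
     * @throws ServletException if the forward to the error page fails
     * @see org.springframework.security.web.access.AccessDeniedHandler#handle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, org.springframework.security.access.AccessDeniedException)
     */
    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response,
            AccessDeniedException accessDeniedException) throws IOException, ServletException {
        // NOTE(review): how ControllerTools.isAjaxRequest decides is not shown here. If it reads a
        // request header, that value is client-controlled; it may pick the response format but
        // must never influence the access decision itself.
        if (ControllerTools.isAjaxRequest(request)) {
            // A denied Ajax call must not look like a success. Unless ControllerTools.print sets a
            // status itself, the body would otherwise go out with the container default (200),
            // hiding the denial from access logs, monitoring and intermediaries.
            if (!response.isCommitted()) {
                response.setStatus(HttpServletResponse.SC_FORBIDDEN);
            }
            // NOTE(review): MessageManager.exception(...) determines what the client sees; confirm
            // it emits a user-facing message only (no stack trace or internal detail).
            // NOTE(review): front-end code that read this message from a success callback now
            // receives it with status 403 and must read it from the error path as well.
            Message msg = MessageManager.exception(accessDeniedException);
            ControllerTools.print(response, msg);
            return;
        }

        // Headers are already on the wire; neither a forward nor sendError can succeed.
        if (response.isCommitted()) {
            return;
        }

        if (errorPage == null) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, accessDeniedException.getMessage());
            return;
        }

        // Put exception into request scope (perhaps of use to a view)
        request.setAttribute(WebAttributes.ACCESS_DENIED_403, accessDeniedException);
        // Set the status before forwarding so the rendered error view is served as 403.
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        RequestDispatcher dispatcher = request.getRequestDispatcher(errorPage);
        dispatcher.forward(request, response);
    }

    /**
     * The error page to use. Must begin with a "/" and is interpreted relative to the current context root.
     *
     * @param errorPage the dispatcher path to display
     *
     * @throws IllegalArgumentException if the argument doesn't comply with the above limitations
     */
    public void setErrorPage(String errorPage) {
        if ((errorPage != null) && !errorPage.startsWith("/")) {
            throw new IllegalArgumentException("errorPage must begin with '/'");
        }
        this.errorPage = errorPage;
    }
}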
这里我们直接将异常信息通过PrintWriter输出到前台,然后在前台做统一的处理就可以了。需要注意,输出给前台的内容应只包含面向用户的提示信息,不应带出堆栈或内部实现细节。在前台对后台消息统一处理的方法可以参考我的这篇文章:http://blog.csdn.net/jaune161/article/details/18135607
最后在配置文件中配置下
<!-- Security namespace configuration: routes access-denied outcomes to the custom handler bean. -->
<sec:http auto-config="true" access-decision-manager-ref="accessDecisionManager">
<!-- Replaces the default access-denied handling with the bean declared below. -->
<sec:access-denied-handler ref="accessDeniedHandler"/>
<sec:session-management invalid-session-url="/login.jsp" />
<!-- NOTE(review): intercept-url rules are evaluated in declaration order; /login.jsp is not listed and so falls under the /** rule. Confirm the referenced accessDecisionManager lets unauthenticated users reach the login page. -->
<sec:intercept-url pattern="/app.jsp" access="AUTH_LOGIN"/>
<sec:intercept-url pattern="/**" access="AUTH_GG_FBGBGG"/>
<sec:form-login login-page="/login.jsp" authentication-failure-url="/login.jsp"
default-target-url="/index.jsp"/>
</sec:http>
<!-- Custom handler for insufficient permissions (access denied). -->
<!-- NOTE(review): the class attribute names RequestAccessDeniedHandler, while the class listed on this page is DefaultAccessDeniedHandler; confirm it points at the handler actually deployed. -->
<bean id="accessDeniedHandler" class="com.zrhis.system.security.RequestAccessDeniedHandler">
<!-- The 403 view sits under /WEB-INF, which the servlet container does not serve directly; it is reached only through the handler's forward. -->
<property name="errorPage" value="/WEB-INF/error/403.jsp"></property>
</bean>
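/**
 * Access-denied handler that answers Ajax requests with a message payload and ordinary page
 * requests with a forward to a 403 view (or a plain 403 error when no view is configured).
 *
 * <p>Adapted from Spring Security's {@code AccessDeniedHandlerImpl}; the Ajax branch is the
 * addition.
 */
public class DefaultAccessDeniedHandler implements AccessDeniedHandler {

    /** Dispatcher path of the 403 view; {@code null} means "answer with sendError instead". */
    private String errorPage;

    //~ Methods ========================================================================================================

    /**
     * Writes the access-denied response for the current request.
     *
     * @param request the request that was denied
     * @param response the response to write the denial to
     * @param accessDeniedException the exception that triggered this handler
     * @throws IOException if writing or forwarding the response fails
     * @throws ServletException if the forward to the error page fails
     * @see org.springframework.security.web.access.AccessDeniedHandler#handle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, org.springframework.security.access.AccessDeniedException)
     */
    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response,
            AccessDeniedException accessDeniedException) throws IOException, ServletException {
        // NOTE(review): how ControllerTools.isAjaxRequest decides is not shown here. If it reads a
        // request header, that value is client-controlled; it may pick the response format but
        // must never influence the access decision itself.
        if (ControllerTools.isAjaxRequest(request)) {
            // A denied Ajax call must not look like a success. Unless ControllerTools.print sets a
            // status itself, the body would otherwise go out with the container default (200),
            // hiding the denial from access logs, monitoring and intermediaries.
            if (!response.isCommitted()) {
                response.setStatus(HttpServletResponse.SC_FORBIDDEN);
            }
            // NOTE(review): MessageManager.exception(...) determines what the client sees; confirm
            // it emits a user-facing message only (no stack trace or internal detail).
            // NOTE(review): front-end code that read this message from a success callback now
            // receives it with status 403 and must read it from the error path as well.
            Message msg = MessageManager.exception(accessDeniedException);
            ControllerTools.print(response, msg);
            return;
        }

        // Headers are already on the wire; neither a forward nor sendError can succeed.
        if (response.isCommitted()) {
            return;
        }

        if (errorPage == null) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, accessDeniedException.getMessage());
            return;
        }

        // Put exception into request scope (perhaps of use to a view)
        request.setAttribute(WebAttributes.ACCESS_DENIED_403, accessDeniedException);
        // Set the status before forwarding so the rendered error view is served as 403.
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        RequestDispatcher dispatcher = request.getRequestDispatcher(errorPage);
        dispatcher.forward(request, response);
    }

    /**
     * The error page to use. Must begin with a "/" and is interpreted relative to the current context root.
     *
     * @param errorPage the dispatcher path to display
     *
     * @throws IllegalArgumentException if the argument doesn't comply with the above limitations
     */
    public void setErrorPage(String errorPage) {
        if ((errorPage != null) && !errorPage.startsWith("/")) {
            throw new IllegalArgumentException("errorPage must begin with '/'");
        }
        this.errorPage = errorPage;
    }
}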
这里我们直接将异常信息通过PrintWriter输出到前台,然后在前台做统一的处理就可以了。需要注意,输出给前台的内容应只包含面向用户的提示信息,不应带出堆栈或内部实现细节。在前台对后台消息统一处理的方法可以参考我的这篇文章:http://blog.csdn.net/jaune161/article/details/18135607
最后在配置文件中配置下
<!-- Security namespace configuration: routes access-denied outcomes to the custom handler bean. -->
<sec:http auto-config="true" access-decision-manager-ref="accessDecisionManager">
<!-- Replaces the default access-denied handling with the bean declared below. -->
<sec:access-denied-handler ref="accessDeniedHandler"/>
<sec:session-management invalid-session-url="/login.jsp" />
<!-- NOTE(review): intercept-url rules are evaluated in declaration order; /login.jsp is not listed and so falls under the /** rule. Confirm the referenced accessDecisionManager lets unauthenticated users reach the login page. -->
<sec:intercept-url pattern="/app.jsp" access="AUTH_LOGIN"/>
<sec:intercept-url pattern="/**" access="AUTH_GG_FBGBGG"/>
<sec:form-login login-page="/login.jsp" authentication-failure-url="/login.jsp"
default-target-url="/index.jsp"/>
</sec:http>
<!-- Custom handler for insufficient permissions (access denied). -->
<!-- NOTE(review): the class attribute names RequestAccessDeniedHandler, while the class listed on this page is DefaultAccessDeniedHandler; confirm it points at the handler actually deployed. -->
<bean id="accessDeniedHandler" class="com.zrhis.system.security.RequestAccessDeniedHandler">
<!-- The 403 view sits under /WEB-INF, which the servlet container does not serve directly; it is reached only through the handler's forward. -->
<property name="errorPage" value="/WEB-INF/error/403.jsp"></property>
</bean>