
Spring-Security Notes 6: Custom AccessDeniedHandler

2018-03-01 15:55
Spring's default AccessDeniedHandler only handles page requests and has no handling for Ajax requests. Ajax is a technique we use all the time in project development, so we can handle Ajax requests with a custom AccessDeniedHandler. A small modification of Spring's default AccessDeniedHandlerImpl is all it takes.

package com.fhzz.core.sercurity.handler;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.stereotype.Service;

import com.fhzz.core.utils.HTTPUtils;

/**
 * @author YangYi
 * @description Custom handler for insufficient permissions
 */
@Service
public class CustomAccessDeniedHandler implements AccessDeniedHandler {

    @Override
    public void handle(HttpServletRequest request,
            HttpServletResponse response,
            AccessDeniedException accessDeniedException) throws IOException,
            ServletException {
        if (response.isCommitted()) {
            // Response already sent: sendError would throw IllegalStateException
            return;
        }
        if (HTTPUtils.isAjaxRequest(request)) {
            // AJAX request: send a 403 through the response
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
        } else {
            // Non-AJAX request: go to the application's default 403 error page, configured in web.xml
            response.sendError(HttpServletResponse.SC_FORBIDDEN,
                    accessDeniedException.getMessage());
        }
    }

}

package com.fhzz.core.utils;

import javax.servlet.http.HttpServletRequest;

/**
 * @author YangYi
 *
 */
public class HTTPUtils {
    /**
     * Get the IP address of the login from the request.
     * The headers read here are supplied by the client unless a trusted
     * reverse proxy overwrites them, and x-forwarded-for may hold a
     * comma-separated list, so treat the result as informational only.
     */
    public static String getIpAddress(HttpServletRequest request) {
        String ip = request.getHeader("x-forwarded-for");
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getHeader("Proxy-Client-IP");
        }
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getHeader("WL-Proxy-Client-IP");
        }
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getHeader("HTTP_CLIENT_IP");
        }
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getHeader("HTTP_X_FORWARDED_FOR");
        }
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getRemoteAddr();
        }
        return ip;
    }

    /**
     * Determine whether the request is an AJAX request.
     */
    public static boolean isAjaxRequest(HttpServletRequest request) {
        // A request without an Accept header must not cause a NullPointerException
        String accept = request.getHeader("accept");
        String requestedWith = request.getHeader("X-Requested-With");
        return (accept != null && accept.indexOf("application/json") > -1)
                || "XMLHttpRequest".equals(requestedWith);
    }

}


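Then register it in spring-security.xml:

<!-- Custom access-denied-handler. The ref must match the bean name: @Service without an explicit name registers the class above as "customAccessDeniedHandler". -->
<access-denied-handler ref="customAccessDeniedHandler" />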
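
A variant of the handler above, as an added example that is not the original author's code: AJAX callers receive a 403 with a fixed JSON body they can parse, and all other requests get the container's 403 page. The class name JsonAccessDeniedHandler and the /admin/users path are hypothetical, and the code assumes the javax.servlet API, Spring Security and spring-test (for the mock request objects) on the classpath.

```java
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;

// Added example; JsonAccessDeniedHandler is a hypothetical name, not a Spring class.
public class JsonAccessDeniedHandler implements AccessDeniedHandler {
    // Null-safe form of the page's isAjaxRequest: a missing Accept header must not throw.
    static boolean isAjax(HttpServletRequest request) {
        String accept = request.getHeader("Accept");
        return (accept != null && accept.contains("application/json"))
                || "XMLHttpRequest".equals(request.getHeader("X-Requested-With"));
    }

    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response,
            AccessDeniedException ex) throws IOException {
        if (response.isCommitted()) {
            return; // headers already sent; the status can no longer be changed
        }
        if (isAjax(request)) {
            // Fixed body: the exception message is not echoed to the client.
            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
            response.setCharacterEncoding("UTF-8");
            response.setContentType("application/json");
            response.getWriter().write("{\"status\":403,\"error\":\"access_denied\"}");
        } else {
            // Browser navigation: the container renders the 403 page mapped in web.xml.
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
        }
    }

    // Runs the handler against constructed requests (spring-test on the classpath).
    public static void main(String[] args) throws IOException {
        JsonAccessDeniedHandler handler = new JsonAccessDeniedHandler();
        MockHttpServletRequest ajax = new MockHttpServletRequest("POST", "/admin/users");
        ajax.addHeader("X-Requested-With", "XMLHttpRequest");
        MockHttpServletResponse ajaxResponse = new MockHttpServletResponse();
        handler.handle(ajax, ajaxResponse, new AccessDeniedException("constructed"));
        System.out.println(ajaxResponse.getStatus() + " " + ajaxResponse.getContentAsString());
        // Second request carries neither Accept nor X-Requested-With.
        MockHttpServletRequest page = new MockHttpServletRequest("GET", "/admin/users");
        MockHttpServletResponse pageResponse = new MockHttpServletResponse();
        handler.handle(page, pageResponse, new AccessDeniedException("constructed"));
        System.out.println(pageResponse.getStatus() + " committed=" + pageResponse.isCommitted());
    }
}
```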