Spring-Security笔记6 自定义AccessDeniedHandler
2018-03-01 15:55
在Spring默认的AccessDeniedHandler中只有对页面请求的处理,而没有对Ajax的处理。而在项目开发中,Ajax又是我们常用的技术,所以我们可以通过自定义AccessDeniedHandler来处理Ajax请求。我们在Spring默认的AccessDeniedHandlerImpl上稍作修改就可以了。
package com.fhzz.core.sercurity.handler;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.stereotype.Service;
import com.fhzz.core.utils.HTTPUtils;
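/**
 * Custom handler for requests that were rejected with an
 * {@link AccessDeniedException}.
 *
 * <p>AJAX requests and ordinary page requests are both answered with HTTP 403.
 * Per the original author's note, page requests are expected to be rendered by
 * the 403 error page configured in web.xml.
 *
 * @author YangYi
 */
@Service
public class CustomAccessDeniedHandler implements AccessDeniedHandler {

    /**
     * Answers a denied request with HTTP 403 (Forbidden).
     *
     * @param request the request that was denied
     * @param response the response used to send the 403 status
     * @param accessDeniedException the exception that caused the denial
     * @throws IOException if sending the error response fails
     * @throws ServletException declared by the {@link AccessDeniedHandler} contract
     */
    @Override
    public void handle(HttpServletRequest request,
            HttpServletResponse response,
            AccessDeniedException accessDeniedException) throws IOException,
            ServletException {
        // sendError() throws IllegalStateException once the response is
        // committed, so the guard must cover the AJAX branch as well as the
        // page branch (the original only guarded the page branch).
        if (response.isCommitted()) {
            return;
        }

        if (HTTPUtils.isAjaxRequest(request)) {
            // AJAX request: send a bare 403 status for the calling script to handle.
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
        } else {
            // Page request: hand over to the container's 403 error page.
            // NOTE(review): the exception message is passed through to the error
            // page. Confirm it can never carry internal detail (rule names,
            // resource paths); otherwise send a fixed reason phrase instead.
            response.sendError(HttpServletResponse.SC_FORBIDDEN,
                    accessDeniedException.getMessage());
        }
    }
}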
然后在spring-security.xml中配置上(注意:ref的值必须与处理器bean的名称一致;仅使用@Service注解且未指定名称时,默认bean名称为customAccessDeniedHandler):
<!-- 自定义的access-denied-handler -->
<access-denied-handler ref="defaultAccessDeniedHandler" />
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.stereotype.Service;
import com.fhzz.core.utils.HTTPUtils;
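/**
 * Custom handler for requests that were rejected with an
 * {@link AccessDeniedException}.
 *
 * <p>AJAX requests and ordinary page requests are both answered with HTTP 403.
 * Per the original author's note, page requests are expected to be rendered by
 * the 403 error page configured in web.xml.
 *
 * @author YangYi
 */
@Service
public class CustomAccessDeniedHandler implements AccessDeniedHandler {

    /**
     * Answers a denied request with HTTP 403 (Forbidden).
     *
     * @param request the request that was denied
     * @param response the response used to send the 403 status
     * @param accessDeniedException the exception that caused the denial
     * @throws IOException if sending the error response fails
     * @throws ServletException declared by the {@link AccessDeniedHandler} contract
     */
    @Override
    public void handle(HttpServletRequest request,
            HttpServletResponse response,
            AccessDeniedException accessDeniedException) throws IOException,
            ServletException {
        // sendError() throws IllegalStateException once the response is
        // committed, so the guard must cover the AJAX branch as well as the
        // page branch (the original only guarded the page branch).
        if (response.isCommitted()) {
            return;
        }

        if (HTTPUtils.isAjaxRequest(request)) {
            // AJAX request: send a bare 403 status for the calling script to handle.
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
        } else {
            // Page request: hand over to the container's 403 error page.
            // NOTE(review): the exception message is passed through to the error
            // page. Confirm it can never carry internal detail (rule names,
            // resource paths); otherwise send a fixed reason phrase instead.
            response.sendError(HttpServletResponse.SC_FORBIDDEN,
                    accessDeniedException.getMessage());
        }
    }
}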
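package com.fhzz.core.utils;

import javax.servlet.http.HttpServletRequest;

/**
 * Static helpers for inspecting an {@link HttpServletRequest}.
 *
 * @author YangYi
 */
public class HTTPUtils {

    /** Proxy headers consulted, in this order, before falling back to the socket address. */
    private static final String[] CLIENT_IP_HEADERS = {
        "x-forwarded-for",
        "Proxy-Client-IP",
        "WL-Proxy-Client-IP",
        "HTTP_CLIENT_IP",
        "HTTP_X_FORWARDED_FOR"
    };

    /**
     * Returns the client IP address reported for the request.
     *
     * <p>The first proxy header that holds a usable value wins; when none does,
     * {@link HttpServletRequest#getRemoteAddr()} is returned.
     *
     * <p>NOTE(review): every header read here is supplied by the client unless a
     * trusted reverse proxy overwrites it, so the result can be forged. Do not
     * use it for access control, rate limiting or as authoritative audit data
     * unless the deployment guarantees that the proxy sets these headers. The
     * header value is returned unparsed; an X-Forwarded-For value may be a
     * comma-separated list of addresses.
     *
     * @param request the current request
     * @return the header value or the remote address, as described above
     */
    public static String getIpAddress(HttpServletRequest request) {
        for (String headerName : CLIENT_IP_HEADERS) {
            String candidate = request.getHeader(headerName);
            if (!isMissing(candidate)) {
                return candidate;
            }
        }
        return request.getRemoteAddr();
    }

    /**
     * Tells whether the request looks like an AJAX call: its Accept header
     * mentions {@code application/json}, or X-Requested-With equals
     * {@code XMLHttpRequest}.
     *
     * <p>Both headers are client-controlled, so the result should only select a
     * response format and never drive an authorization decision.
     *
     * @param request the current request
     * @return {@code true} if either header marks the request as AJAX
     */
    public static boolean isAjaxRequest(HttpServletRequest request) {
        // A request may omit the Accept header; the original dereferenced the
        // value unconditionally and failed with a NullPointerException.
        String accept = request.getHeader("accept");
        if (accept != null && accept.contains("application/json")) {
            return true;
        }
        return "XMLHttpRequest".equals(request.getHeader("X-Requested-With"));
    }

    /** Returns true when a header value is absent, empty or the literal "unknown". */
    private static boolean isMissing(String value) {
        return value == null || value.length() == 0 || "unknown".equalsIgnoreCase(value);
    }
}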
然后在spring-security.xml中配置上(注意:ref的值必须与处理器bean的名称一致;仅使用@Service注解且未指定名称时,默认bean名称为customAccessDeniedHandler):
<!-- 自定义的access-denied-handler -->
<access-denied-handler ref="defaultAccessDeniedHandler" />