Spring security error with access-denied-handler tag

Anonymous (unverified), submitted 2019-12-03 01:44:01

Question:

I have added the access-denied-handler tag to redirect to a specific page when my app handles an AccessDeniedException, but I have the error:

Configuration problem: Failed to import bean definitions from relative location [pgm-security-cas.xml] Offending resource: class path resource [spring/pgm-servlet.xml]; nested exception is org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 92 in XML document from class path resource [spring/pgm-security-cas.xml] is invalid; nested exception is org.xml.sax.SAXParseException: cvc-complex-type.2.4.a: Invalid content was found starting with element 'sec:access-denied-handler'. One of '{"http://www.springframework.org/schema/security":intercept-url}' is expected.

this is my xml:

<bean id="fsi"
    class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
    <property name="authenticationManager" ref="authenticationManager" />
    <property name="accessDecisionManager" ref="httpRequestAccessDecisionManager" />
    <property name="securityMetadataSource">
        <sec:filter-invocation-definition-source use-expressions="true">
            <sec:intercept-url pattern="/manageboxes" access="hasRole('A_READ_USER')" />
            <sec:access-denied-handler error-page="/accessDeniedPage" />
        </sec:filter-invocation-definition-source>
    </property>
</bean>

Does somebody know where the problem is?

The definition of the filterChainProxy is:

<bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy">
    <sec:filter-chain-map request-matcher="ant">
        <sec:filter-chain pattern="/xhtml/login/invalidLogin.xhtml*" filters="none" />
        <sec:filter-chain pattern="/j_spring_security_logout"
            filters="logoutFilter,fsi" />
        <sec:filter-chain pattern="/javax.faces.resource/*"
            filters="none" />
        <sec:filter-chain pattern="/**"
            filters="casAuthenticationFilter, casValidationFilter, wrappingFilter, sif, j2eePreAuthFilter, logoutFilter, fsi" />
    </sec:filter-chain-map>
</bean>

Answer 1:

<access-denied-handler> can't be placed inside <filter-invocation-definition-source>. You have to create an exceptionTranslator:

<bean id="exceptionTranslator"
    class="org.springframework.security.web.access.ExceptionTranslationFilter">
    <property name="authenticationEntryPoint">
        <bean class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"
            p:loginFormUrl="/login" />
    </property>
    <property name="accessDeniedHandler">
        <bean class="org.springframework.security.web.access.AccessDeniedHandlerImpl"
            p:errorPage="/accessDenied" />
    </property>
</bean>

and wire it into your filterChainProxy

<bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy">
    <sec:filter-chain-map request-matcher="ant">
        <sec:filter-chain pattern="/**"
            filters="casAuthenticationFilter, casValidationFilter, wrappingFilter, sif,
                     j2eePreAuthFilter, logoutFilter,
                     exceptionTranslator,
                     fsi" />
    </sec:filter-chain-map>
</bean>
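ExceptionTranslationFilter only handles exceptions thrown by filters that run after it in the same chain, so its position relative to fsi matters in every chain. The following is an added example, not part of the original answer: a Python check that lists the filter chains in which a FilterSecurityInterceptor bean has no ExceptionTranslationFilter bean ahead of it. The sample XML is constructed from the bean ids and chains on this page with bean properties omitted, and the function name is hypothetical.

```python
import xml.etree.ElementTree as ET

BEANS = "{http://www.springframework.org/schema/beans}"
SEC = "{http://www.springframework.org/schema/security}"
ETF = "org.springframework.security.web.access.ExceptionTranslationFilter"
FSI = "org.springframework.security.web.access.intercept.FilterSecurityInterceptor"

# Constructed sample: the page's bean ids and chains, bean properties omitted.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:sec="http://www.springframework.org/schema/security">
  <bean id="exceptionTranslator" class="org.springframework.security.web.access.ExceptionTranslationFilter"/>
  <bean id="fsi" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor"/>
  <bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy">
    <sec:filter-chain-map request-matcher="ant">
      <sec:filter-chain pattern="/xhtml/login/invalidLogin.xhtml*" filters="none"/>
      <sec:filter-chain pattern="/j_spring_security_logout" filters="logoutFilter,fsi"/>
      <sec:filter-chain pattern="/**"
          filters="casAuthenticationFilter, casValidationFilter, wrappingFilter, sif,
                   j2eePreAuthFilter, logoutFilter, exceptionTranslator, fsi"/>
    </sec:filter-chain-map>
  </bean>
</beans>"""

def unhandled_chains(xml_text):
    """Return patterns of chains where an interceptor runs with no translator before it."""
    root = ET.fromstring(xml_text)
    by_class = {}  # bean class name -> set of bean ids
    for bean in root.iter(BEANS + "bean"):
        if bean.get("id"):
            by_class.setdefault(bean.get("class"), set()).add(bean.get("id"))
    translators, interceptors = by_class.get(ETF, set()), by_class.get(FSI, set())
    findings = []
    for chain in root.iter(SEC + "filter-chain"):
        names = [n.strip() for n in chain.get("filters", "").split(",") if n.strip()]
        seen_translator = False
        for name in names:  # filters run in the order they are listed
            if name in translators:
                seen_translator = True
            elif name in interceptors and not seen_translator:
                findings.append(chain.get("pattern"))
                break
    return findings

if __name__ == "__main__":
    for pattern in unhandled_chains(SAMPLE):
        print("no ExceptionTranslationFilter before the interceptor in chain", pattern)
```

On the sample, the `/**` chain passes and the `/j_spring_security_logout` chain is reported, because it lists fsi without exceptionTranslator.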

