How to handle HTTP 403 with Spring Security 3.0.x

前端未结

关注

 5  1330

温柔的废话 2021-02-04 09:44

I\'m facing a little issue with Spring Security 3.0.x (3.0.2 in particular at the moment). The whole application I\'m working on is working perfectly except when someone who doe

5条回答

北海茫月 (楼主)

2021-02-04 10:34

I've found how to do this. By implementing the AccessDeniedHandler interface and the corresponding handle method I can, easily, control the way the Http 403 error is handled.

This way, you can add various items in the session and then intercept them on your jsp.

The xml file then looks like this :

The java class :

package foo.bar;
public class CustomAccessDeniedHandler implements org.springframework.security.web.access.AccessDeniedHandler {
private String accessDeniedUrl;

    public CustomAccessDeniedHandler() {
    }

    public CustomAccessDeniedHandler(String accessDeniedUrl) {
        this.accessDeniedUrl = accessDeniedUrl;
    }

    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException {
        response.sendRedirect(accessDeniedUrl);
        request.getSession().setAttribute("CustomSessionAttribute", "value here");
    }

    public String getAccessDeniedUrl() {
        return accessDeniedUrl;
    }

    public void setAccessDeniedUrl(String accessDeniedUrl) {
        this.accessDeniedUrl = accessDeniedUrl;
    }
}

And a jsp example :

<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
 
    

    ACCESS IS DENIED

0 讨论(0)

查看其它5个回答