Mapping an exception to 404 page while using Spring Security taglibs

后端 未结 2 1268
情深已故
情深已故 2021-02-15 01:42

When mapping an Exception to 404 page, the Spring Security tags can\'t find the authentication information from the security context. With a \"real\" 404 the authentication is f

相关标签:
2条回答
  • 2021-02-15 02:12

    Add the following two dispatcher elements to your spring security filter-mapping:

    <filter-mapping>
        ...
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>ERROR</dispatcher>
    </filter-mapping>
    

    By default only ordinary requests go through a defined filter-mapping.

    "INCLUDE" and "FORWARD" are the two other valid dispatcher element values.

    0 讨论(0)
  • 2021-02-15 02:23

    The most probable case is that some component in your code is calling HttpSession.invalidate() while exception handling. You can easily find this out by a simple debugging.

    But actually it is not necessary to check for isAnonymous() - it is enough to check for user not having ROLE_USER authority:

    • In Spring Security 2: you can use areNotGranted attribute of <sec:authorize> tag (see Spring Security 2 documentation
    • In Spring Security 3: you can use Spring EL for evaluation of negative condition: access="!hasRole('ROLE_USER')"
    0 讨论(0)
提交回复
热议问题