发表新帖
发表新帖

How do I return a 403 Forbidden in Spring MVC?

后端 未结
关注
5 857
太阳男子
太阳男子 2020-12-29 03:14

I want my controller to return the right HTTP response code when the user lacks permission to view a particular page.

相关标签:
5条回答
  • 忘掉有多难
    2020-12-29 03:49

    Quickie

    If you are using plain JSP views (as is most common), then simply add

    <% response.setStatus( 403 ); %>

    somewhere in your view file. At the top is a nice place.

    Detail

    In MVC, i would always set this in the view, and in most cases with Spring-MVC, use the SimpleMappingExceptionResolver to present the correct view in response to a thrown runtime Exception.

    For example: create and throw a PermissionDeniedException in your controller or service layer and have the exception resolver point to a view file permissionDenied.jsp. This view file sets the 403 status and shows the user an appropriate message.

    In your Spring bean XML file:

    <bean id="exceptionResolver"
      class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
  <property name="exceptionMappings">
    <props>
      <prop key="PermissionDeniedException">          
        rescues/permissionDenied
      </prop>
      ... set other exception/view mappings as <prop>s here ...
    </props>
  </property>
  <property name="defaultErrorView" value="rescues/general" />
</bean>

<bean id="viewResolver"
      class="org.springframework.web.servlet.view.InternalResourceViewResolver">
  <property name="viewClass" value="org.springframework.web.servlet.view.JstlView" />
  <property name="prefix" value="/WEB-INF/views/" />
  <property name="suffix" value=".jsp" />
</bean>

    If you need to implement a user login mechanism, take a look at Spring Security (formerly Acegi Security).

    0 讨论(0)
  • 夕颜
    2020-12-29 03:50

    Create an Exception annotated with @ResponseStatus e.g. like this:

    @ResponseStatus(HttpStatus.FORBIDDEN)
public class ForbiddenException extends RuntimeException {
}

    Now just throw that Exception in your handler method and the response will have status 403.

    0 讨论(0)
  • 轻奢々
    2020-12-29 03:51

    You can also just throw

    org.springframework.security.access.AccessDeniedException("403 returned");

    This returns a 403 in the response header.

    0 讨论(0)
  • 鱼传尺愫
    2020-12-29 03:56

    Use this: response.setStatus(403).

    0 讨论(0)
  • 执念已碎
    2020-12-29 04:04

    Using an ExceptionResolver is a great way to go, but if you just want this to be view-independent, you could certainly make a call to response.sendError(HttpServletResponse.SC_FORBIDDEN, "AdditionalInformationIfAvailable"); in your Controller.

    0 讨论(0)
 看不清?
提交回复
热议问题