问题
i have added the access-denied-handler tag to redirect to an specific page when my app handles a AccessDeniedException but i have the error:
Configuration problem: Failed to import bean definitions from relative location [pgm-security-cas.xml] Offending resource: class path resource [spring/pgm-servlet.xml]; nested exception is org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 92 in XML document from class path resource [spring/pgm-security-cas.xml] is invalid; nested exception is org.xml.sax.SAXParseException: cvc-complex-type.2.4.a: Invalid content was found starting with element 'sec:access-denied-handler'. One of '{"http://www.springframework.org/schema/security":intercept-url}' is expected.
this is my xml:
<bean id="fsi"
class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager" />
<property name="accessDecisionManager" ref="httpRequestAccessDecisionManager" />
<property name="securityMetadataSource">
<sec:filter-invocation-definition-source use-expressions="true">
<sec:intercept-url pattern="/manageboxes" access="hasRole('A_READ_USER')" />
<sec:access-denied-handler error-page="/accessDeniedPage" />
</sec:filter-invocation-definition-source>
</property>
</bean>
Somebody knows where is problem?
The definition of the filterChainProxy is:
<bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy">
<sec:filter-chain-map request-matcher="ant">
<sec:filter-chain pattern="/xhtml/login/invalidLogin.xhtml*" filters="none" />
<sec:filter-chain pattern="/j_spring_security_logout"
filters="logoutFilter,fsi" />
<sec:filter-chain pattern="/javax.faces.resource/*"
filters="none" />
<sec:filter-chain pattern="/**"
filters="casAuthenticationFilter, casValidationFilter, wrappingFilter, sif, j2eePreAuthFilter, logoutFilter, fsi" />
</sec:filter-chain-map>
</bean>
回答1:
<access-denied-handler> can't be placed inside <filter-invocation-definition-source>. You have to create an exceptionTranslator:
<bean id="exceptionTranslator" class="org.springframework.security.web.access.ExceptionTranslationFilter">
<property name="authenticationEntryPoint">
<bean class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"
p:loginFormUrl="/login" />
</property>
<property name="accessDeniedHandler">
<bean class="org.springframework.security.web.access.AccessDeniedHandlerImpl"
p:errorPage="/accessDenied" />
</property>
</bean>
and wire it into your filterChainProxy
<bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy">
<sec:filter-chain-map request-matcher="ant">
<sec:filter-chain pattern="/**"
filters="casAuthenticationFilter, casValidationFilter, wrappingFilter, sif, j2eePreAuthFilter, logoutFilter,
exceptionTranslator,
fsi" />
</sec:filter-chain-map>
</bean>
来源:https://stackoverflow.com/questions/22715862/spring-security-error-with-access-denied-handler-tag