2. it
  3. 自定义AccessDeniedHandler

自定义AccessDeniedHandler

mac2022-06-30  19

在Spring默认的AccessDeniedHandler中只有对页面请求的处理,而没有对Ajax的处理。而在项目开发是Ajax又是我们要常用的技术,所以我们可以通过自定义AccessDeniedHandler来处理Ajax请求。我们在Spring默认的AccessDeniedHandlerImpl上稍作修改就可以了。

 

[java]  view plain copy     public class DefaultAccessDeniedHandler implements AccessDeniedHandler {        /* (non-Javadoc)      * @see org.springframework.security.web.access.AccessDeniedHandler#handle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, org.springframework.security.access.AccessDeniedException)      */      private String errorPage;        //~ Methods ========================================================================================================        public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException)              throws IOException, ServletException {          boolean isAjax = ControllerTools.isAjaxRequest(request);          if(isAjax){              Message msg = MessageManager.exception(accessDeniedException);              ControllerTools.print(response, msg);          }else if (!response.isCommitted()) {              if (errorPage != null) {                  // Put exception into request scope (perhaps of use to a view)                  request.setAttribute(WebAttributes.ACCESS_DENIED_403, accessDeniedException);                    // Set the 403 status code.                  response.setStatus(HttpServletResponse.SC_FORBIDDEN);                    // forward to error page.                  RequestDispatcher dispatcher = request.getRequestDispatcher(errorPage);                  dispatcher.forward(request, response);              } else {                  response.sendError(HttpServletResponse.SC_FORBIDDEN, accessDeniedException.getMessage());              }          }      }        /**      * The error page to use. Must begin with a "/" and is interpreted relative to the current context root.      *      * @param errorPage the dispatcher path to display      *      * @throws IllegalArgumentException if the argument doesn't comply with the above limitations      */      public void setErrorPage(String errorPage) {          if ((errorPage != null) && !errorPage.startsWith("/")) {              throw new IllegalArgumentException("errorPage must begin with '/'");          }            this.errorPage = errorPage;      }    }  

这里我们直接将异常信息通过PrintWriter输出到前台,然后在前台做统一的处理就可以了。在前台对后台消息统一处理的方法可以参考我的这篇文章http://blog.csdn.net/jaune161/article/details/18135607

 

最后在配置文件中配置下

 

[html]  view plain copy     <sec:http auto-config="true" access-decision-manager-ref="accessDecisionManager">            <sec:access-denied-handler ref="accessDeniedHandler"/>            <sec:session-management invalid-session-url="/login.jsp" />            <sec:intercept-url pattern="/app.jsp" access="AUTH_LOGIN"/>      <sec:intercept-url pattern="/**" access="AUTH_GG_FBGBGG"/>            <sec:form-login login-page="/login.jsp" authentication-failure-url="/login.jsp"          default-target-url="/index.jsp"/>            </sec:http>    <!-- 自定义权限不足处理程序 -->  <bean id="accessDeniedHandler" class="com.zrhis.system.security.RequestAccessDeniedHandler">      <property name="errorPage" value="/WEB-INF/error/403.jsp"></property>  </bean>  

 

转载于:https://www.cnblogs.com/yanduanduan/p/5162215.html

相关资源:JAVA上百实例源码以及开源项目
最新回复(0)