开发者

Spring Security Redirect if no access on page

开发者 https://www.devze.com 2022-12-15 23:25 出处:网络
I have a j2ee web applicationusing spring web flow ang spring security. I want to redirect the user to page(maybe an error page) if the user\'s role has no access on the page being accessed because cu

I have a j2ee web application using spring web flow ang spring security. I want to redirect the user to page(maybe an error page) if the user's role has no access on the page being accessed because currently I get the error

Error 404--Not Found From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1: 10.4.5 404 Not Found The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent.

If the server does not wish to make this information available to the client, the status code 403 (Forbidden) can be used instead. The 410 (Gone) status code SHOULD be used if the server knows, through some internally configurable mechanism, that an old resource is permanently unavailable and has no forwarding address.

How do I do this redirection.I tried the access-denied-page attribute of security:http but I still get the error. Here's my configuration for security-http.

By the way.I am using Spring Faces and Facelets. Could this have been the cause of the problem?

<!-- Configure Spring Security -->
<security:http auto-config="true" access-denied-page="/deniedpage.xhtml" 
    session-fixation-protection="newSession">
    <security:intercept-url pattern="/main.do"
        access="ROLE_SUPERVISOR, ROLE_USER" />
    <security:intercept-url pattern="/logoutSuccess.do"
        access="ROLE_SUPERVISOR, ROLE_USER" />
    <security:intercept-url pattern="/edit.do" 
        access="ROLE_SUPERVISOR" />
    <security:intercept-url pattern="/register.do"
        access="ROLE_SUPERVISOR" />
    <security:intercept-url pattern="/admin_main.do"
        access="ROLE_SUPERVISOR" />
    <security:intercept-url pattern="/*"
        access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <security:form-login login-page="/loginForm.do"
        default-target-url="/main.do" authentication-failure-url="/loginForm.do?login_error=1" />
    <security:logout logout-url="/logout.do"
        invalidate-session="true" logout-success-url="/logoutSu开发者_如何学Cccess.do" />
    <security:concurrent-session-control
        max-sessions="-1" exception-if-maximum-exceeded="true" expired-url="/loginform.do" />

</security:http>


The access-denied-page attribute of security:http should be enough, show us the Spring configuration you are using.
In the meantime try adding this to web.xml:

<error-page>
    <error-code>404</error-code>
    <location>notfound.jsp</location>
</error-page>
0

精彩评论

暂无评论...
验证码 换一张
取 消