我有以下spring-security.xml
<security:global-method-security proxy-target-class="true" secured-annotations="enabled" />
<security:http auto-config="false" use-expressions="true" entry-point-ref="customLoginEndpoint" >
<security:custom-filter ref="authenticationFilter" position="FORM_LOGIN_FILTER"/>
</security:http>
<bean id="authenticationFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter"
p:authenticationManager-ref="customAuthenticationManager"/>
下面是customLoginEndpoint
@Component("customLoginEndpoint")
public class CustomLoginEndpoint extends LoginUrlAuthenticationEntryPoint
{
public AcapLoginEndpoint()
{
super("/auth/login");
}
@Override
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authenticationException)
throws IOException, ServletException {
response.sendRedirect("/auth/login");
}
}
我的控制器分类为@ExceptionHandler(Throwable ex)和带有@Secured批注的几种方法
问题是@ExceptionHandler方法捕获由@Secured批注引起的所有org.springframework.security.access.AccessDeniedException,因此请求永远不会到达CustomLoginEndpoint.commence并被拒绝。
如果我删除@ExceptionHandler,则一切正常。
我如何使它工作,以便调用begin并避免@ExceptionHandler捕获由于@Secured注释而导致的AccessDeniedException。
您应该能够为AccessDeniedException添加另一个@ExceptionHandler,然后只需将异常重新抛出到handle方法中即可。这将允许AccessDeniedException向上传播,以便Spring Security可以处理该错误。
| 归档时间: |
|
| 查看次数: |
1504 次 |
| 最近记录: |