Spring Security如何拒绝403访问?
我从来没有得到 403,它总是将我重定向到 root url,或者我可以指定已贬值的访问被拒绝页面。哪个都可以,但是为什么呢?我想了解它的行为为什么这里的其他人会得到这个异常?
<security:http auto-config="true" use-expressions="true" >
<security:form-login login-processing-url="/static/j_spring_security_check" login-page="/login" authentication-failure-url="/login?login_error=t" default-target-url="/home"/>
<security:intercept-url pattern="/home" access="isAuthenticated()" />
<security:intercept-url pattern="/home/try" access="hasRole('ROLE_EDITOR')"/>
</security:http>
使用访问拒绝处理程序有什么好处?
I never get 403, it always redirects me to root url or I can specify access denied page which is depreciated. Which is ok, but still why? I want to undertsand its behavior why other people here get this exception?
<security:http auto-config="true" use-expressions="true" >
<security:form-login login-processing-url="/static/j_spring_security_check" login-page="/login" authentication-failure-url="/login?login_error=t" default-target-url="/home"/>
<security:intercept-url pattern="/home" access="isAuthenticated()" />
<security:intercept-url pattern="/home/try" access="hasRole('ROLE_EDITOR')"/>
</security:http>
And what is the benefit of using access-denied-handler?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
最简单的方法是使用“access-denied-handler”标签,并将 403 页面放在“error-page”属性中。
你可以参考这个教程:
http://www.mkyong.com/spring-security/customize-http-403-access-denied-page-in-spring-security/" mkyong.com/spring-security/customize-http-403-access-denied-page-in-spring-security/
The easiest way is uses “access-denied-handler‘ tag, and put your 403 page in “error-page” attribute.
You can reference this tutorial:
http://www.mkyong.com/spring-security/customize-http-403-access-denied-page-in-spring-security/