2012-01-05 17 views
10

How to handle AccessDeniedException in Spring Security?

I'm using Spring Security 3, and I want the user to be redirected to a specific page every time an AccessDeniedException is thrown:

org.springframework.security.access.AccessDeniedException: Access is denied 
    at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:71) 
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:203) 
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:106) 
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) 
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) 
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:78) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) 
    at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:112) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) 
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) 
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:35) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) 
    at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:177) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) 
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) 
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) 
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) 
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:169) 
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237) 
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167) 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) 
    at org.springframework.orm.hibernate3.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:198) 
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) 
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:224) 
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169) 
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472) 
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168) 
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100) 
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929) 
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) 
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:405) 
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:964) 
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:515) 
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302) 
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) 
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) 
    at java.lang.Thread.run(Thread.java:619) 

so I tried using access-denied-handler, and here is the handler:

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandlerImpl;
import org.springframework.stereotype.Service;

@Service("accessDeniedHandler")
public class AccessDeniedHandler extends AccessDeniedHandlerImpl {

    Log log = LogFactory.getLog(getClass());

    @Override
    public void handle(HttpServletRequest request,
            HttpServletResponse response, AccessDeniedException exception)
            throws IOException, ServletException {
        log.info("############### Access Denied Handler!");
        // Error page that AccessDeniedHandlerImpl forwards to with a 403 status
        setErrorPage("/accessDenied");
        super.handle(request, response, exception);
    }

}
applicationSecurity.xml:

    <beans:beans xmlns="http://www.springframework.org/schema/security" 
        xmlns:beans="http://www.springframework.org/schema/beans" 
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
        xmlns:util="http://www.springframework.org/schema/util" 
        xmlns:p="http://www.springframework.org/schema/p" 
        xsi:schemaLocation="http://www.springframework.org/schema/beans 
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
        http://www.springframework.org/schema/security 
        http://www.springframework.org/schema/security/spring-security-3.0.xsd 
        http://www.springframework.org/schema/util 
        http://www.springframework.org/schema/util/spring-util-3.0.xsd"> 
    
    <http use-expressions="true" auto-config="true" > 
    
    <session-management session-fixation-protection="none"/> 
    
        <remember-me token-validity-seconds="1209600"/> 
    
        <intercept-url pattern="/accessDenied" access="permitAll"/> 
    
        <intercept-url pattern="/login" access="permitAll"/> 
        <intercept-url pattern="/j_spring_security_check" access="permitAll" /> 
    
        <intercept-url pattern="/faces/javax.faces.resource/**" access="permitAll"/> 
        <intercept-url pattern="/xmlhttp/**" access="permitAll" /> 
        <intercept-url pattern="/resources/**" access="permitAll" /> 
    
        <intercept-url pattern="**/faces/javax.faces.resource/**" access="permitAll"/> 
        <intercept-url pattern="**/xmlhttp/**" access="permitAll" /> 
        <intercept-url pattern="**/resources/**" access="permitAll" /> 
    
    
        <intercept-url pattern="/**" access="isAuthenticated()" /> 
    
    <access-denied-handler ref="accessDeniedHandler" /> 
    
    <!-- tried the error page too with no luck --> 
    
    <!-- 
    <access-denied-handler error-page="/accessDenied" /> 
    --> 
    
    
    </http> 
    </beans:beans> 
    

but the problem is that when the exception is thrown, it never enters the accessDeniedHandler class. Please advise.

UPDATE: I tried the exception-bean solution and, while I get the same behaviour, the exception is thrown but no redirect to the accessDenied page happens.

logs:

2012-01-08/12:33:43.610 [http-bio-8080-exec-8] DEBUG Converted URL to lowercase, from: '/'; to: '/' 
2012-01-08/12:33:43.610 [http-bio-8080-exec-8] DEBUG Candidate is: '/'; pattern is /**; matched=true 
2012-01-08/12:33:43.610 [http-bio-8080-exec-8] DEBUG / at position 1 of 10 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 
2012-01-08/12:33:43.611 [http-bio-8080-exec-8] DEBUG HttpSession returned null object for SPRING_SECURITY_CONTEXT 
2012-01-08/12:33:43.611 [http-bio-8080-exec-8] DEBUG No SecurityContext was available from the HttpSession: [email protected] A new one will be created. 
2012-01-08/12:33:43.611 [http-bio-8080-exec-8] DEBUG / at position 2 of 10 in additional filter chain; firing Filter: 'LogoutFilter' 
2012-01-08/12:33:43.611 [http-bio-8080-exec-8] DEBUG / at position 3 of 10 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter' 
2012-01-08/12:33:43.611 [http-bio-8080-exec-8] DEBUG / at position 4 of 10 in additional filter chain; firing Filter: 'BasicAuthenticationFilter' 
2012-01-08/12:33:43.611 [http-bio-8080-exec-8] DEBUG / at position 5 of 10 in additional filter chain; firing Filter: 'RequestCacheAwareFilter' 
2012-01-08/12:33:43.611 [http-bio-8080-exec-8] DEBUG pathInfo: both null (property equals) 
2012-01-08/12:33:43.611 [http-bio-8080-exec-8] DEBUG queryString: both null (property equals) 
2012-01-08/12:33:43.611 [http-bio-8080-exec-8] DEBUG requestURI: arg1=/MyApp/; arg2=/MyApp/ (property equals) 
2012-01-08/12:33:43.611 [http-bio-8080-exec-8] DEBUG serverPort: arg1=8080; arg2=8080 (property equals) 
2012-01-08/12:33:43.611 [http-bio-8080-exec-8] DEBUG requestURL: arg1=http://localhost:8080/MyApp/; arg2=http://localhost:8080/MyApp/ (property equals) 
2012-01-08/12:33:43.611 [http-bio-8080-exec-8] DEBUG scheme: arg1=http; arg2=http (property equals) 
2012-01-08/12:33:43.612 [http-bio-8080-exec-8] DEBUG serverName: arg1=localhost; arg2=localhost (property equals) 
2012-01-08/12:33:43.612 [http-bio-8080-exec-8] DEBUG contextPath: arg1=/MyApp; arg2=/MyApp (property equals) 
2012-01-08/12:33:43.612 [http-bio-8080-exec-8] DEBUG servletPath: arg1=/; arg2=/ (property equals) 
2012-01-08/12:33:43.612 [http-bio-8080-exec-8] DEBUG Removing DefaultSavedRequest from session if present 
2012-01-08/12:33:43.612 [http-bio-8080-exec-8] DEBUG / at position 6 of 10 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' 
2012-01-08/12:33:43.612 [http-bio-8080-exec-8] DEBUG / at position 7 of 10 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter' 
2012-01-08/12:33:43.612 [http-bio-8080-exec-8] DEBUG / at position 8 of 10 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' 
2012-01-08/12:33:43.612 [http-bio-8080-exec-8] DEBUG Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@90576bf4: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@21a2c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 7F9F9C2E2922F5072EE36B6FBCFE8837; Granted Authorities: ROLE_ANONYMOUS' 
2012-01-08/12:33:43.612 [http-bio-8080-exec-8] DEBUG / at position 9 of 10 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' 
2012-01-08/12:33:43.613 [http-bio-8080-exec-8] DEBUG / at position 10 of 10 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' 
2012-01-08/12:33:43.613 [http-bio-8080-exec-8] DEBUG Converted URL to lowercase, from: '/'; to: '/' 
2012-01-08/12:33:43.613 [http-bio-8080-exec-8] DEBUG Candidate is: '/'; pattern is /accessdenied; matched=false 
2012-01-08/12:33:43.613 [http-bio-8080-exec-8] DEBUG Candidate is: '/'; pattern is /login; matched=false 
2012-01-08/12:33:43.613 [http-bio-8080-exec-8] DEBUG Candidate is: '/'; pattern is /j_spring_security_check; matched=false 
2012-01-08/12:33:43.613 [http-bio-8080-exec-8] DEBUG Candidate is: '/'; pattern is /faces/javax.faces.resource/**; matched=false 
2012-01-08/12:33:43.613 [http-bio-8080-exec-8] DEBUG Candidate is: '/'; pattern is /xmlhttp/**; matched=false 
2012-01-08/12:33:43.613 [http-bio-8080-exec-8] DEBUG Candidate is: '/'; pattern is /resources/**; matched=false 
2012-01-08/12:33:43.613 [http-bio-8080-exec-8] DEBUG Candidate is: '/'; pattern is **/faces/javax.faces.resource/**; matched=false 
2012-01-08/12:33:43.613 [http-bio-8080-exec-8] DEBUG Candidate is: '/'; pattern is **/xmlhttp/**; matched=false 
2012-01-08/12:33:43.613 [http-bio-8080-exec-8] DEBUG Candidate is: '/'; pattern is **/resources/**; matched=false 
2012-01-08/12:33:43.615 [http-bio-8080-exec-8] DEBUG Candidate is: '/'; pattern is /**; matched=true 
2012-01-08/12:33:43.615 [http-bio-8080-exec-8] DEBUG Secure object: FilterInvocation: URL: /; Attributes: [isAuthenticated()] 
2012-01-08/12:33:43.615 [http-bio-8080-exec-8] DEBUG Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@90576bf4: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@21a2c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 7F9F9C2E2922F5072EE36B6FBCFE8837; Granted Authorities: ROLE_ANONYMOUS 
2012-01-08/12:33:43.615 [http-bio-8080-exec-8] DEBUG Voter: org.springframework.security.web.access.expression.WebExpressionVoter@338652ff, returned: -1 
2012-01-08/12:33:43.615 [http-bio-8080-exec-8] DEBUG Access is denied (user is anonymous); redirecting to authentication entry point 
org.springframework.security.access.AccessDeniedException: Access is denied 
    at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:71) 
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:203) 
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:106) 
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) 
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) 
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:78) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) 
    at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:112) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) 
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) 
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:35) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) 
    at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:177) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) 
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) 
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) 
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) 
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:169) 
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237) 
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167) 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) 
    at org.springframework.orm.hibernate3.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:198) 
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) 
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:224) 
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169) 
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472) 
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168) 
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100) 
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929) 
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) 
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:405) 
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:964) 
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:515) 
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302) 
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) 
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) 
    at java.lang.Thread.run(Thread.java:619) 

Answer

8

If the access-denied page is a simple page that doesn't need a controller, you can do it this way:

<!-- This bean resolves specific types of exceptions to corresponding logical
     view names for error views. The default behavior of DispatcherServlet
     is to propagate all exceptions to the servlet container: this will happen
     here with all other types of exceptions. -->
<bean 
    class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver" 
    p:defaultErrorView="uncaughtException"> 
    <property name="exceptionMappings"> 
     <props> 
      <prop key=".DataAccessException">dataAccessFailure</prop> 
      <prop key=".NoSuchRequestHandlingMethodException">resourceNotFound</prop> 
      <prop key=".TypeMismatchException">resourceNotFound</prop> 
      <prop key=".MissingServletRequestParameterException">resourceNotFound</prop> 
      <prop key=".AccessDeniedException">accessDenied</prop> 
     </props> 
    </property> 
</bean> 

<!-- remove this if you need a controller --> 
<mvc:view-controller path="/accessDenied" /> 

<security:intercept-url pattern="/accessDenied" access="permitAll" /> 

Another way uses AccessDeniedHandler. You only have to configure the spring-security:access-denied-handler tag inside the spring-security:http tag. This way seems to work only if the access restriction is configured by security:intercept-url, but not if it is done at the service level (for example, via annotations).

<security:http auto-config="true" ... > 
    ... 
    <security:access-denied-handler error-page="/myAccessDeniedPage"/> 
</security:http> 
+0

will this configuration work with method-level security? I mean, if the user is trying to invoke a service or a web service with insufficient permission, will he be redirected to the accessDenied page? –

+0

It only depends on the exception, regardless of how it is thrown. – Ralph

+1

could you please take a look at my xml configuration above, because the first thing I tried was the 'error-page' of access-denied-handler and it doesn't work: I get the exception thrown and the user is not redirected to the access denied page. –

0

2012-01-08/12:33:43.615 [http-bio-8080-exec-8] DEBUG Access is denied (user is anonymous); redirecting to authentication entry point org.springframework.security.access.AccessDeniedException: Access is denied

It looks like your login page (or some elements of that page) is only available to logged-in users.

+0

the case is that I want to access a protected page (which also requires a special role) after the session has ended, and so an accessDenied exception is thrown. –

+0

@Msaleh: really, all the time the problem is that the session has ended? – Ralph

+0

the session has ended = anonymous role, so it is related to roles in any case; that's as far as I understand. What am I missing here? –

4

Programmatically:

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.access.AccessDeniedHandlerImpl;

@Order(1)
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    //
    // ...
    //

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        // Anonymous subclass of the default handler, so both the denied-request
        // handling and the error-page setting can be hooked.
        http.exceptionHandling().accessDeniedHandler(new AccessDeniedHandlerImpl() {
            @Override
            public void handle(HttpServletRequest request, HttpServletResponse response,
                    AccessDeniedException accessDeniedException) throws IOException, ServletException {
                // Default behaviour: 403 status and a forward to the configured error page
                super.handle(request, response, accessDeniedException);

                //
                // Your Code Here
                //

            }

            @Override
            public void setErrorPage(String errorPage) {
                super.setErrorPage(errorPage);

                //
                // Your Code Here
                //

            }
        });

        //
        // ...
        //

    }

    //
    // ...
    //

}
+0

with all these '@Override' it looks like js :) – Yura

0
DEBUG Access is denied (user is anonymous) 

if you look at the Spring code you will see that Spring calls the accessDeniedHandler only for non-anonymous users, so my solution was something like

<security:intercept-url pattern="/**" access="@storeAccessService.initForExpiredXmlHttpRequest() and _other_rules_here" />

where inside initForExpiredXmlHttpRequest() I was doing

HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getRequest();
// logic to filter
UsernamePasswordAuthenticationToken sessionExpiredAuthentication =
        new UsernamePasswordAuthenticationToken("session-expired", "session-expired");
SecurityContextHolder.getContext().setAuthentication(sessionExpiredAuthentication);
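The observation in the last answer is the key to the asker's problem: ExceptionTranslationFilter only consults the access-denied-handler when the caller is fully authenticated, while anonymous and remember-me callers (which is what an expired session turns into) are sent to the authentication entry point instead. The following is an added example, not code from the question or any of the answers, that serves both paths without replacing the caller's Authentication: a custom entry point that recognises an expired session id and an access-denied handler for authenticated users who lack the required authority. The class names, constructor arguments and the URLs /login, /sessionExpired and /accessDenied are assumptions.

```java
import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.AccessDeniedHandler;

/**
 * Entry point that ExceptionTranslationFilter invokes when an anonymous (or
 * remember-me) caller is denied. It tells an expired session apart from a
 * visitor who never logged in, so each gets its own page, without placing a
 * fake Authentication in the SecurityContext. Class and URL names are assumed.
 */
public class ExpiredSessionAwareEntryPoint implements AuthenticationEntryPoint {

    private static final Log log = LogFactory.getLog(ExpiredSessionAwareEntryPoint.class);

    private final String loginUrl;          // assumed "/login", must be permitAll
    private final String sessionExpiredUrl; // assumed "/sessionExpired", must be permitAll

    public ExpiredSessionAwareEntryPoint(String loginUrl, String sessionExpiredUrl) {
        this.loginUrl = loginUrl;
        this.sessionExpiredUrl = sessionExpiredUrl;
    }

    /** Decides where a denied unauthenticated request goes; kept separate so it can be unit tested. */
    String targetFor(HttpServletRequest request) {
        // The client presented a session id (JSESSIONID cookie or URL) that the
        // container no longer recognises: the session timed out or was invalidated.
        boolean expiredSession = request.getRequestedSessionId() != null
                && !request.isRequestedSessionIdValid();
        return expiredSession ? sessionExpiredUrl : loginUrl;
    }

    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException authException) throws IOException, ServletException {
        String target = targetFor(request);
        log.debug("Unauthenticated request to " + request.getRequestURI() + "; sending to " + target);
        // Prefix the context path so the redirect stays inside this application.
        response.sendRedirect(request.getContextPath() + target);
    }
}

/**
 * Handler that ExceptionTranslationFilter consults only for a fully
 * authenticated caller who lacks the required authority.
 */
class AuditingAccessDeniedHandler implements AccessDeniedHandler {

    private static final Log log = LogFactory.getLog(AuditingAccessDeniedHandler.class);
    private final String accessDeniedPage; // assumed "/accessDenied", must be permitAll

    AuditingAccessDeniedHandler(String accessDeniedPage) {
        this.accessDeniedPage = accessDeniedPage;
    }

    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response,
            AccessDeniedException ex) throws IOException, ServletException {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        String principal = auth == null ? "<none>" : auth.getName();
        // An authenticated user requesting URLs above their role is worth a WARN
        // line for detection; the anonymous case never reaches this handler.
        log.warn("Access denied for '" + principal + "' to " + request.getMethod()
                + " " + request.getRequestURI() + ": " + ex.getMessage());
        if (response.isCommitted()) {
            return;
        }
        // Same approach as AccessDeniedHandlerImpl: a 403 status plus a server-side
        // forward, so the client sees 403 rather than a 302 and the denied URL stays put.
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        request.getRequestDispatcher(accessDeniedPage).forward(request, response);
    }
}
```

Declare both as beans in the question's applicationSecurity.xml and reference them with `<http entry-point-ref="...">` and `<access-denied-handler ref="..."/>`; the three target URLs must stay permitAll, otherwise the redirect or forward itself is denied.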