如何在 spring-security-javaconfig 中添加拒绝访问的处理程序
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/18154864/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How do I add an Access Denied Handler in spring-security-javaconfig
提问by pChip
I'm using the spring-security-javaconfig library for spring security. If I were using xml config files, I'd use something like this to define a custom Access Denied page:
我正在使用 spring-security-javaconfig 库来保证 spring 安全。如果我使用 xml 配置文件,我会使用这样的东西来定义一个自定义的拒绝访问页面:
<http auto-config="true">
<intercept-url pattern="/admin*" access="ROLE_ADMIN" />
<access-denied-handler ref="accessDeniedHandler"/>
</http>
Here is my security configuration class so far:
到目前为止,这是我的安全配置类:
@Configuration
@EnableWebSecurity
public class SecurityConfigurator extends WebSecurityConfigurerAdapter {
@Override
protected void registerAuthentication(AuthenticationManagerBuilder auth)
throws Exception {
auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
auth.inMemoryAuthentication().withUser("admin").password("password").roles("ADMIN");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeUrls().antMatchers( "/admin").hasRole("ADMIN");
}
}
采纳答案by Jk1
I suppose this should do the trick:
我想这应该可以解决问题:
HttpSecurity http = ...
http.exceptionHandling().accessDeniedHandler(myAccessDeniedHandler);
