Java 如何在 Spring MVC 中返回 403 Forbidden?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/45546/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How do I return a 403 Forbidden in Spring MVC?
提问by Will Harris
I want my controller to return the right HTTP response code when the user lacks permission to view a particular page.
当用户没有查看特定页面的权限时,我希望我的控制器返回正确的 HTTP 响应代码。
采纳答案by Cheekysoft
Quickie
匆匆
If you are using plain JSP views (as is most common), then simply add
如果您使用的是普通的 JSP 视图(这是最常见的),那么只需添加
<% response.setStatus( 403 ); %>
somewhere in your view file. At the top is a nice place.
在您的视图文件中的某处。顶部是一个不错的地方。
Detail
细节
In MVC, i would always set this in the view, and in most cases with Spring-MVC, use the SimpleMappingExceptionResolverto present the correct view in response to a thrown runtime Exception.
在 MVC 中,我总是在视图中设置它,并且在大多数情况下使用 Spring-MVC,使用SimpleMappingExceptionResolver来呈现正确的视图以响应抛出的运行时异常。
For example: create and throw a PermissionDeniedExceptionin your controller or service layer and have the exception resolver point to a view file permissionDenied.jsp. This view file sets the 403 status and shows the user an appropriate message.
例如:PermissionDeniedException在您的控制器或服务层中创建并抛出一个,并让异常解析器指向一个视图文件permissionDenied.jsp。此视图文件设置 403 状态并向用户显示适当的消息。
In your Spring bean XML file:
在您的 Spring bean XML 文件中:
<bean id="exceptionResolver"
class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
<property name="exceptionMappings">
<props>
<prop key="PermissionDeniedException">
rescues/permissionDenied
</prop>
... set other exception/view mappings as <prop>s here ...
</props>
</property>
<property name="defaultErrorView" value="rescues/general" />
</bean>
<bean id="viewResolver"
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="viewClass" value="org.springframework.web.servlet.view.JstlView" />
<property name="prefix" value="/WEB-INF/views/" />
<property name="suffix" value=".jsp" />
</bean>
If you need to implement a user login mechanism, take a look at Spring Security(formerly Acegi Security).
如果您需要实现用户登录机制,请查看Spring Security(原 Acegi Security)。
回答by John Boker
Use this:
response.setStatus(403).
使用这个:
response.setStatus(403)。
回答by Joe Liversedge
Using an ExceptionResolveris a great way to go, but if you just want this to be view-independent, you could certainly make a call to response.sendError(HttpServletResponse.SC_FORBIDDEN, "AdditionalInformationIfAvailable");in your Controller.
使用 anExceptionResolver是一个很好的方法,但如果你只是希望它与视图无关,你当然可以response.sendError(HttpServletResponse.SC_FORBIDDEN, "AdditionalInformationIfAvailable");在你的控制器中调用。
回答by yankee
Create an Exception annotated with @ResponseStatuse.g. like this:
创建一个用@ResponseStatus注释的异常,例如像这样:
@ResponseStatus(HttpStatus.FORBIDDEN)
public class ForbiddenException extends RuntimeException {
}
Now just throw that Exception in your handler method and the response will have status 403.
现在只需在您的处理程序方法中抛出该异常,响应将具有状态 403。
回答by Chris Ritchie
You can also just throw
你也可以扔
org.springframework.security.access.AccessDeniedException("403 returned");
This returns a 403 in the response header.
这将在响应标头中返回 403。
