iSharkFly-Docs/java-tutorials
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

custom access denied page (#1133)

Browse Source 
* custom access denied page

* fix formatting, remove imports
This commit is contained in:
lor6 2017-02-12 16:11:55 +02:00 committed by KevinGilmore
parent c6c3b71ba1
commit 424f55ac48
7 changed files with 82 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
spring-security-mvc-login/src/main/java/org/baeldung/security/CustomAccessDeniedHandler.java Normal file
View File

@ -0,0 +1,30 @@
package org.baeldung.security;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.access.AccessDeniedHandler;
public class CustomAccessDeniedHandler implements AccessDeniedHandler {
public static final Logger LOG = Logger.getLogger(CustomAccessDeniedHandler.class);
@Override
public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException exc) throws IOException, ServletException {
Authentication auth = SecurityContextHolder.getContext()
.getAuthentication();
if (auth != null) {
LOG.warn("User: " + auth.getName() + " attempted to access the protected URL: " + request.getRequestURI());
}
response.sendRedirect(request.getContextPath() + "/accessDenied");
}
}

1
spring-security-mvc-login/src/main/java/org/baeldung/spring/MvcConfig.java
View File

@ -28,6 +28,7 @@ public class MvcConfig extends WebMvcConfigurerAdapter {
registry.addViewController("/login.html"); registry.addViewController("/login.html");
registry.addViewController("/homepage.html"); registry.addViewController("/homepage.html");
registry.addViewController("/admin/adminpage.html"); registry.addViewController("/admin/adminpage.html");
registry.addViewController("/accessDenied");
} }
@Bean @Bean

10
spring-security-mvc-login/src/main/java/org/baeldung/spring/SecSecurityConfig.java
View File

@ -1,5 +1,6 @@
package org.baeldung.spring; package org.baeldung.spring;
import org.baeldung.security.CustomAccessDeniedHandler;
import org.baeldung.security.CustomLogoutSuccessHandler; import org.baeldung.security.CustomLogoutSuccessHandler;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
@ -8,6 +9,7 @@ import org.springframework.security.config.annotation.authentication.builders.Au
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler; import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
@Configuration @Configuration
@ -53,6 +55,9 @@ public class SecSecurityConfig extends WebSecurityConfigurerAdapter {
.logoutUrl("/perform_logout") .logoutUrl("/perform_logout")
.deleteCookies("JSESSIONID") .deleteCookies("JSESSIONID")
.logoutSuccessHandler(logoutSuccessHandler()); .logoutSuccessHandler(logoutSuccessHandler());
//.and()
//.exceptionHandling().accessDeniedPage("/accessDenied");
//.exceptionHandling().accessDeniedHandler(accessDeniedHandler());
// @formatter:on // @formatter:on
} }
@ -60,5 +65,10 @@ public class SecSecurityConfig extends WebSecurityConfigurerAdapter {
public LogoutSuccessHandler logoutSuccessHandler() { public LogoutSuccessHandler logoutSuccessHandler() {
return new CustomLogoutSuccessHandler(); return new CustomLogoutSuccessHandler();
} }
@Bean
public AccessDeniedHandler accessDeniedHandler(){
return new CustomAccessDeniedHandler();
}
} }

6
spring-security-mvc-login/src/main/resources/webSecurityConfig.xml
View File

@ -19,10 +19,16 @@
always-use-default-target="true"/> always-use-default-target="true"/>
<logout logout-url="/perform_logout" delete-cookies="JSESSIONID" success-handler-ref="customLogoutSuccessHandler"/> <logout logout-url="/perform_logout" delete-cookies="JSESSIONID" success-handler-ref="customLogoutSuccessHandler"/>
<!-- <access-denied-handler error-page="/accessDenied"/> -->
<access-denied-handler ref="customAccessDeniedHandler"/>
</http> </http>
<beans:bean name="customLogoutSuccessHandler" class="org.baeldung.security.CustomLogoutSuccessHandler"/> <beans:bean name="customLogoutSuccessHandler" class="org.baeldung.security.CustomLogoutSuccessHandler"/>
<beans:bean name="customAccessDeniedHandler" class="org.baeldung.security.CustomAccessDeniedHandler" />
<authentication-manager> <authentication-manager>
<authentication-provider> <authentication-provider>
<user-service> <user-service>

15
spring-security-mvc-login/src/main/webapp/WEB-INF/view/accessDenied.jsp Normal file
View File

@ -0,0 +1,15 @@
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Access Denied</title>
</head>
<body>
<h2>Sorry, you do not have permission to view this page.</h2>
Click <a href="<c:url value="/homepage.html" /> ">here</a> to go back to the Homepage.
</body>
</html>

24
spring-security-mvc-login/src/main/webapp/WEB-INF/view/homepage.jsp
View File

@ -4,21 +4,23 @@
<head></head> <head></head>
<body> <body>
<h1>This is the body of the sample view</h1> <h1>This is the body of the sample view</h1>
<security:authorize access="hasRole('ROLE_USER')"> <security:authorize access="hasRole('ROLE_USER')">
This text is only visible to a user This text is only visible to a user
<br/> <br/> <br/>
</security:authorize> <a href="<c:url value="/admin/adminpage.html" />">Restricted Admin Page</a>
<br/> <br/>
</security:authorize>
<security:authorize access="hasRole('ROLE_ADMIN')"> <security:authorize access="hasRole('ROLE_ADMIN')">
This text is only visible to an admin This text is only visible to an admin
<br/> <br/>
<a href="<c:url value="/admin/adminpage.html" />">Admin Page</a> <a href="<c:url value="/admin/adminpage.html" />">Admin Page</a>
<br/> <br/>
</security:authorize> </security:authorize>
<a href="<c:url value="/perform_logout" />">Logout</a>
<a href="<c:url value="/perform_logout" />">Logout</a>
</body> </body>
</html> </html>

7
spring-security-mvc-login/src/main/webapp/WEB-INF/web.xml
View File

@ -43,8 +43,15 @@
<url-pattern>/*</url-pattern> <url-pattern>/*</url-pattern>
</filter-mapping> </filter-mapping>
<error-page>
<error-code>403</error-code>
<location>/accessDenied</location>
</error-page>
<!-- <welcome-file-list> --> <!-- <welcome-file-list> -->
<!-- <welcome-file>index.html</welcome-file> --> <!-- <welcome-file>index.html</welcome-file> -->
<!-- </welcome-file-list> --> <!-- </welcome-file-list> -->
</web-app> </web-app>