스프링 부트 주석에 403 금지 된 오류를 처리하는 방법은 무엇입니까?

Question

스프링 부트시 금지 된 403 문제를 처리하는 데 문제가 있습니다. WebSecurityConfigurerAdapter를 확장하여 클래스를 처리하여 커스 터 마이징했다. 금지 된 출력을 제공하고있다. 403 URL로 리디렉션되어야하지만 작동하지 않습니다. 나는 초보자이며 어디서 잘못인지 모른다.

public class WebAppInitializer implements WebApplicationInitializer { 
    @Override 
    public void onStartup(ServletContext servletContext) 
      throws ServletException { 
     AnnotationConfigWebApplicationContext ctx = new AnnotationConfigWebApplicationContext(); 

     ctx.register(SecurityConfiguration.class); 
     ctx.setServletContext(servletContext); 
     //ctx.register(SecurityConfiguration.class); 
     DispatcherServlet dispatcherServlet = new DispatcherServlet(ctx); 
     dispatcherServlet.setThrowExceptionIfNoHandlerFound(true); 


     Dynamic dynamic = servletContext.addServlet("dispatcher", dispatcherServlet); 
     dynamic.addMapping("/data/*"); 

     dynamic.setLoadOnStartup(1); 
    } 
} 

내 appconfig가 클래스

package com.portal.spring.config; 

import org.springframework.context.annotation.ComponentScan; 
import org.springframework.context.annotation.Configuration; 
import org.springframework.web.servlet.config.annotation.EnableWebMvc; 
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter; 

@Configuration 
@ComponentScan("com.portal") 
@EnableWebMvc 
public class AppConfig extends WebMvcConfigurerAdapter { 
} 

및 보안 설정

package com.portal.spring.config; 
import java.util.logging.Logger; 
import org.springframework.context.annotation.Configuration; 
import org.springframework.security.config.annotation.web.builders.HttpSecurity; 
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; 
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; 

@Configuration 
@EnableWebSecurity 
public class SecurityConfiguration extends WebSecurityConfigurerAdapter { 
    private static final Logger log= Logger.getLogger(SecurityConfiguration.class.getName()); 

    @Override 
    protected void configure(HttpSecurity http) throws Exception { 
     http.exceptionHandling().accessDeniedHandler(new AccessDenyHandler()); 
     } 
} 

하고 여기에

package com.portal.spring.config; 
import java.io.IOException; 
import javax.servlet.ServletException; 
import javax.servlet.http.HttpServletRequest; 
import javax.servlet.http.HttpServletResponse; 
import org.springframework.security.access.AccessDeniedException; 
import org.springframework.security.web.access.AccessDeniedHandler; 

public class AccessDenyHandler implements AccessDeniedHandler { 

    @Override 
    public void handle(HttpServletRequest request, HttpServletResponse response, 
      AccessDeniedException arg2) throws IOException, ServletException { 
     response.sendRedirect("//403"); 
    } 
} 

Answer 1

내 AccessDenied 처리기입니다 accessdenyhandler. Spring AccessDeniedHandler 구현에 명시 적으로 위임했습니다.하지만 처리해야하는 CSRF 관련 항목이 있습니다. 이 앱은 특정 앱이므로 아래 코드에 포함되지 않습니다. SecurityConfig와 같은 다른 코드는 내가 사용했던 것과 비슷합니다.

public class MyAccessDeniedHandler implements AccessDeniedHandler { 

    private AccessDeniedHandlerImpl accessDeniedHandlerImpl = new AccessDeniedHandlerImpl(); 

    public void handle(HttpServletRequest request, HttpServletResponse response, 
      AccessDeniedException accessDeniedException) throws IOException, ServletException { 

     //Some CSRF related code 

     // Then call accessDeniedHandlerImpl.handle to handle request 
     accessDeniedHandlerImpl.handle(request, response, accessDeniedException); 
    } 

    /** 
    * The error page to use. Must begin with a "/" and is interpreted relative to the current context root. 
    * 
    * @param errorPage the dispatcher path to display 
    * 
    * @throws IllegalArgumentException if the argument doesn't comply with the above limitations 
    * @see AccessDeniedHandlerImpl#setErrorPage(String) 
    */ 
    public void setErrorPage(String errorPage) { 
     // You can set custom error page here 
     accessDeniedHandlerImpl.setErrorPage(errorPage); 
    } 
}