【问题标题】:Spring security username not displayed on error page which value is not specifiedSpring Security 用户名未显示在未指定值的错误页面上
【发布时间】:2015-05-06 14:44:05
【问题描述】:

这是我的错误处理控制器。当链接/网址不存在时,它会转到 404 页面。我也使用弹簧安全。基本上,当用户登录时,将显示用户的用户名。但是如果用户输入错误或输入了错误的 url/link,它会显示 404 错误页面但不显示用户名。

package com.syntacks.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
public class HTTPErrorHandlers{

    String path = "/user";

    @RequestMapping(value="/400")
    public String error400(){
        return path+"/404";
    }

     @RequestMapping(value="/404")
     public String error404(){
         return path+"/404";
     }

     @RequestMapping(value="/500")
     public String error500(){
         return path+"/404";
     }


}

我已经在这里添加了 sec-authorize 来确定用户是否登录。这是放在我的每一页上的。

    <sec:authorize ifAnyGranted="ROLE_USER,ROLE_ADMIN">
    <a class="active" href="/Project/profile?user=${pageContext.request.userPrincipal.name}">${pageContext.request.userPrincipal.name}</a>
                                        <ul class="dropdown">
                                        <li><a href="/Project/<c:url value='logout'/>">Logout</a></li>
                                        </ul>
</sec:authorize>

在 web.xml 我添加了错误代码

<error-page>
        <error-code>400</error-code>
        <location>/400</location>
    </error-page>
    <error-page>
        <error-code>123</error-code>
        <location>/123</location>
    </error-page>
    <error-page>
        <error-code>404</error-code>
        <location>/404</location>
    </error-page>
        <error-page>
        <error-code>405</error-code>
        <location>/405</location>
    </error-page>
    <error-page>
        <error-code>500</error-code>
        <location>/500.jsp</location>
    </error-page>

因此,如果用户类型为 404 或我指定的任何映射值,它会返回用户名,但如果未指定值或链接,它只会显示 404 页面,其中包含未找到错误页面的文本且未显示用户名。非常感谢您的帮助:)

Spring-security.xml

<beans:beans xmlns:security="http://www.springframework.org/schema/security"
      xmlns:beans="http://www.springframework.org/schema/beans" 
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://www.springframework.org/schema/beans
              http://www.springframework.org/schema/beans/spring-beans.xsd
              http://www.springframework.org/schema/security
              http://www.springframework.org/schema/security/spring-security.xsd">



     <security:http auto-config='true'>
            <security:access-denied-handler error-page="/403" />

            <security:intercept-url pattern="/questions/ask" access="ROLE_USER,ROLE_ADMIN" />
            <security:intercept-url pattern="/profile" access="ROLE_USER" />    
            <security:intercept-url pattern="/view-tags" access="ROLE_ADMIN" />
            <security:intercept-url pattern="view-questions" access="ROLE_ADMIN" />
            <security:intercept-url pattern="/view-users" access="ROLE_ADMIN" />                            
            <security:form-login login-page="/login" default-target-url="/" authentication-failure-url="/login?error"/>
            <security:logout logout-success-url="/login?logout" logout-url="/logout" 
            invalidate-session="false"/>
        </security:http>


     <security:authentication-manager>
            <security:authentication-provider>
                <security:jdbc-user-service data-source-ref="dataSource"  
                    users-by-username-query="select username,password, enabled from users where username=?"  
                    authorities-by-username-query="select username, role from users where username =?  " />
            </security:authentication-provider>
          </security:authentication-manager>
    </beans:beans>

【问题讨论】:

  • 能否分享一下您的 Spring 安全配置。
  • @Mithun,我已经添加了我的 spring-security.xml。

标签: spring spring-security http-status-code-404


【解决方案1】:

使用下面这行代码获取当前登录的用户:

<security:authorize access="isAuthenticated()">
    authenticated as <security:authentication property="principal.username" /> 
</security:authorize>

【讨论】:

    猜你喜欢
    • 1970-01-01
    • 2018-10-02
    • 2011-11-25
    • 2017-02-07
    • 2016-11-23
    • 2012-03-22
    • 1970-01-01
    • 1970-01-01
    • 2016-08-18
    相关资源
    最近更新 更多