使用Spring Security标签库将异常映射到404页面 [英] Mapping an exception to 404 page while using Spring Security taglibs

问题描述

将异常映射到404页面时，Spring Security标签无法从安全上下文中找到认证信息。使用真实404进行身份验证。

When mapping an Exception to 404 page, the Spring Security tags can't find the authentication information from the security context. With a "real" 404 the authentication is found.

我的web.xml：

<error-page>
  <exception-type>com.example.NotFoundException</exception-type>
  <location>/app/404</location>
</error-page>

<error-page>
  <error-code>404</error-code>
  <location>/app/404</location>
</error-page>

在JSP上我有：

<sec:authorize access="hasRole('ROLE_USER')">
  <%-- Show navigation links --%>
</sec:authorize>
<sec:authorize access="isAnonymous()">
  <%-- Show login form --%>
</sec:authorize>

/ app / 404 路径被映射到一个刚刚返回视图的控制器。当我浏览到 / foo / some_invalid_id 时，$ code> NotFoundException 从控制器中抛出，最后当它进入JSP时在 SecurityContext 中找不到身份验证，并且不显示两个选项。相反，当我浏览到 / something_that_really_doesnt_exist 时，可以弄清楚我是否登录，并呈现适当的HTML。

The /app/404 path is mapped to a controller which just returns the view. When I browse to /foo/some_invalid_id the NotFoundException gets thrown from the controller and finally when it goes to the JSP it can't find the authentication in SecurityContext and renders neither of the two options. Instead, when I'm browsing to /something_that_really_doesnt_exist it's able to figure out whether I'm logged in or not and renders the proper HTML.

推荐答案

将以下两个调度器元素添加到spring安全过滤器映射中：

Add the following two dispatcher elements to your spring security filter-mapping:

<filter-mapping>
    ...
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>ERROR</dispatcher>
</filter-mapping>

默认情况下只有普通请求经过定义的过滤器映射。

By default only ordinary requests go through a defined filter-mapping.

INCLUDE和FORWARD是另外两个有效的调度程序元素值。

"INCLUDE" and "FORWARD" are the two other valid dispatcher element values.

这篇关于使用Spring Security标签库将异常映射到404页面的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！