Spring Security访问拒绝处理程序

Question

我和这里有完全相同的问题，只是答案对我没有意义。

Spring Security Access Denied Handler - how do you determine what the URL was that the user tried to access?

我试图通过创建这个跟随他们在他们的答案都在说：

@RequestMapping("/invalidPermission") 
public void invalidPermission(HttpServletRequest request) { 
    System.out.println(request.getServletPath()); 
} 

然而，request.getServletPath（）显然会打印出/ invalidPermission代替原来的网址他们试图访问。

任何想法？

谢谢！

更新：这里是工作的代码

<access-denied-handler ref="FooAccessDeniedHandler" /> 
<bean id="FooAccessDeniedHandler" 
    class="my.pkg.AccessDeniedExceptionHandler"> 
    <property name="errorPage" value="/path-to/custom403.jsp" /> 
</bean> 

package my.pkg.AccessDeniedExceptionHandler; 

import java.io.IOException; 
import javax.servlet.ServletException; 
import javax.servlet.http.HttpServletRequest; 
import javax.servlet.http.HttpServletResponse; 
import org.springframework.security.access.AccessDeniedException; 
import org.springframework.security.web.access.AccessDeniedHandler; 

public final class AccessDeniedExceptionHandler implements AccessDeniedHandler { 

    private String errorPage; 

    @Override 
    public void handle(final HttpServletRequest request, final HttpServletResponse response, final AccessDeniedException arg2) throws IOException, ServletException { 
     System.out.println(String.format("URL [%s] ", request.getServletPath())); 
     response.sendRedirect(getErrorPage()); 
    } 

    public String getErrorPage() { 
     return errorPage; 
    } 

    public void setErrorPage(String errorPage) { 
     this.errorPage = errorPage; 
    } 

}

Answer 1

在这个问题的答案，他们使用手柄定制AccessDeniedHandler（）方法，而不是一个控制器动作。