Spring 未指定值的错误页面上未显示安全用户名
Spring security username not displayed on error page which value is not specified
这是我的错误处理程序控制器。当 links/urls 不存在时,它会转到 404 页面。我也在使用 spring 安全性。基本上,当用户登录时,会显示用户的用户名。但如果用户输入错误或输入错误 url/link,它会显示 404 错误页面,但不会显示用户名。
package com.syntacks.controller;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RequestMapping;
@Controller
public class HTTPErrorHandlers{
String path = "/user";
@RequestMapping(value="/400")
public String error400(){
return path+"/404";
}
@RequestMapping(value="/404")
public String error404(){
return path+"/404";
}
@RequestMapping(value="/500")
public String error500(){
return path+"/404";
}
}
我已经在这里添加了 sec-authorize 来确定用户是否登录。这放在我的每一页上。
<sec:authorize ifAnyGranted="ROLE_USER,ROLE_ADMIN">
<a class="active" href="/Project/profile?user=${pageContext.request.userPrincipal.name}">${pageContext.request.userPrincipal.name}</a>
<ul class="dropdown">
<li><a href="/Project/<c:url value='logout'/>">Logout</a></li>
</ul>
</sec:authorize>
在 web.xml 我添加了错误代码
<error-page>
<error-code>400</error-code>
<location>/400</location>
</error-page>
<error-page>
<error-code>123</error-code>
<location>/123</location>
</error-page>
<error-page>
<error-code>404</error-code>
<location>/404</location>
</error-page>
<error-page>
<error-code>405</error-code>
<location>/405</location>
</error-page>
<error-page>
<error-code>500</error-code>
<location>/500.jsp</location>
</error-page>
因此,如果用户键入 404 或我指定的任何映射值 return 用户名,但如果未指定值或 link,它只会显示 404 页面,其中未找到错误页面没有显示用户名的文本。非常感谢您的帮助:)
Spring-security.xml
<beans:beans xmlns:security="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<security:http auto-config='true'>
<security:access-denied-handler error-page="/403" />
<security:intercept-url pattern="/questions/ask" access="ROLE_USER,ROLE_ADMIN" />
<security:intercept-url pattern="/profile" access="ROLE_USER" />
<security:intercept-url pattern="/view-tags" access="ROLE_ADMIN" />
<security:intercept-url pattern="view-questions" access="ROLE_ADMIN" />
<security:intercept-url pattern="/view-users" access="ROLE_ADMIN" />
<security:form-login login-page="/login" default-target-url="/" authentication-failure-url="/login?error"/>
<security:logout logout-success-url="/login?logout" logout-url="/logout"
invalidate-session="false"/>
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select username,password, enabled from users where username=?"
authorities-by-username-query="select username, role from users where username =? " />
</security:authentication-provider>
</security:authentication-manager>
</beans:beans>
使用以下代码行获取当前登录的用户:
<security:authorize access="isAuthenticated()">
authenticated as <security:authentication property="principal.username" />
</security:authorize>
这是我的错误处理程序控制器。当 links/urls 不存在时,它会转到 404 页面。我也在使用 spring 安全性。基本上,当用户登录时,会显示用户的用户名。但如果用户输入错误或输入错误 url/link,它会显示 404 错误页面,但不会显示用户名。
package com.syntacks.controller;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RequestMapping;
@Controller
public class HTTPErrorHandlers{
String path = "/user";
@RequestMapping(value="/400")
public String error400(){
return path+"/404";
}
@RequestMapping(value="/404")
public String error404(){
return path+"/404";
}
@RequestMapping(value="/500")
public String error500(){
return path+"/404";
}
}
我已经在这里添加了 sec-authorize 来确定用户是否登录。这放在我的每一页上。
<sec:authorize ifAnyGranted="ROLE_USER,ROLE_ADMIN">
<a class="active" href="/Project/profile?user=${pageContext.request.userPrincipal.name}">${pageContext.request.userPrincipal.name}</a>
<ul class="dropdown">
<li><a href="/Project/<c:url value='logout'/>">Logout</a></li>
</ul>
</sec:authorize>
在 web.xml 我添加了错误代码
<error-page>
<error-code>400</error-code>
<location>/400</location>
</error-page>
<error-page>
<error-code>123</error-code>
<location>/123</location>
</error-page>
<error-page>
<error-code>404</error-code>
<location>/404</location>
</error-page>
<error-page>
<error-code>405</error-code>
<location>/405</location>
</error-page>
<error-page>
<error-code>500</error-code>
<location>/500.jsp</location>
</error-page>
因此,如果用户键入 404 或我指定的任何映射值 return 用户名,但如果未指定值或 link,它只会显示 404 页面,其中未找到错误页面没有显示用户名的文本。非常感谢您的帮助:)
Spring-security.xml
<beans:beans xmlns:security="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<security:http auto-config='true'>
<security:access-denied-handler error-page="/403" />
<security:intercept-url pattern="/questions/ask" access="ROLE_USER,ROLE_ADMIN" />
<security:intercept-url pattern="/profile" access="ROLE_USER" />
<security:intercept-url pattern="/view-tags" access="ROLE_ADMIN" />
<security:intercept-url pattern="view-questions" access="ROLE_ADMIN" />
<security:intercept-url pattern="/view-users" access="ROLE_ADMIN" />
<security:form-login login-page="/login" default-target-url="/" authentication-failure-url="/login?error"/>
<security:logout logout-success-url="/login?logout" logout-url="/logout"
invalidate-session="false"/>
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select username,password, enabled from users where username=?"
authorities-by-username-query="select username, role from users where username =? " />
</security:authentication-provider>
</security:authentication-manager>
</beans:beans>
使用以下代码行获取当前登录的用户:
<security:authorize access="isAuthenticated()">
authenticated as <security:authentication property="principal.username" />
</security:authorize>