zhoujianghai

About org.springframework.security.AccessDeniedException: Access is denied


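While implementing permission management for a system with Spring Security, I ran into the following problem: when an unauthorized user calls a protected method, org.springframework.security.AccessDeniedException: Access is denied is thrown and the request is not forwarded to the configured access-denied page. However, when the same user requests a protected page, the request is forwarded to the configured access-denied page as expected. The exception is as follows: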

 

org.springframework.security.AccessDeniedException: Access is denied
org.springframework.security.vote.AffirmativeBased.decide(AffirmativeBased.java:68)
org.springframework.security.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:262)
org.springframework.security.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:63)
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
$Proxy1.deleteKyxm(Unknown Source)
cn.edu.kmust.sysglxt.actions.KyxmAction.delete(KyxmAction.java:243)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:597)
com.opensymphony.xwork2.DefaultActionInvocation.invokeAction(DefaultActionInvocation.java:440)
com.opensymphony.xwork2.DefaultActionInvocation.invokeActionOnly(DefaultActionInvocation.java:279)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:242)
com.opensymphony.xwork2.interceptor.DefaultWorkflowInterceptor.doIntercept(DefaultWorkflowInterceptor.java:163)
com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:87)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
com.opensymphony.xwork2.validator.ValidationInterceptor.doIntercept(ValidationInterceptor.java:249)
org.apache.struts2.interceptor.validation.AnnotationValidationInterceptor.doIntercept(AnnotationValidationInterceptor.java:68)
com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:87)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
com.opensymphony.xwork2.interceptor.ConversionErrorInterceptor.intercept(ConversionErrorInterceptor.java:122)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:195)
com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:87)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:195)
com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:87)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.intercept(StaticParametersInterceptor.java:148)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
org.apache.struts2.interceptor.CheckboxInterceptor.intercept(CheckboxInterceptor.java:93)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:235)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:89)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
com.opensymphony.xwork2.interceptor.ScopedModelDrivenInterceptor.intercept(ScopedModelDrivenInterceptor.java:128)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
org.apache.struts2.interceptor.ProfilingActivationInterceptor.intercept(ProfilingActivationInterceptor.java:104)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
org.apache.struts2.interceptor.debugging.DebuggingInterceptor.intercept(DebuggingInterceptor.java:267)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:126)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:138)
com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:87)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
com.opensymphony.xwork2.interceptor.I18nInterceptor.intercept(I18nInterceptor.java:148)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
org.apache.struts2.interceptor.ServletConfigInterceptor.intercept(ServletConfigInterceptor.java:164)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
com.opensymphony.xwork2.interceptor.AliasInterceptor.intercept(AliasInterceptor.java:128)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
com.opensymphony.xwork2.interceptor.ExceptionMappingInterceptor.intercept(ExceptionMappingInterceptor.java:176)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:236)
org.apache.struts2.impl.StrutsActionProxy.execute(StrutsActionProxy.java:52)
org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:468)
org.apache.struts2.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:395)
org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:378)
org.springframework.security.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
org.springframework.security.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
org.springframework.security.ui.SessionFixationProtectionFilter.doFilterHttp(SessionFixationProtectionFilter.java:67)
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
org.springframework.security.ui.ExceptionTranslationFilter.doFilterHttp(ExceptionTranslationFilter.java:101)
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
org.springframework.security.providers.anonymous.AnonymousProcessingFilter.doFilterHttp(AnonymousProcessingFilter.java:105)
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
org.springframework.security.ui.rememberme.RememberMeProcessingFilter.doFilterHttp(RememberMeProcessingFilter.java:116)
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter.doFilterHttp(SecurityContextHolderAwareRequestFilter.java:91)
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
org.springframework.security.ui.basicauth.BasicProcessingFilter.doFilterHttp(BasicProcessingFilter.java:174)
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
org.springframework.security.ui.AbstractProcessingFilter.doFilterHttp(AbstractProcessingFilter.java:278)
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
org.springframework.security.ui.logout.LogoutFilter.doFilterHttp(LogoutFilter.java:89)
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235)
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
org.springframework.security.concurrent.ConcurrentSessionFilter.doFilterHttp(ConcurrentSessionFilter.java:99)
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
org.springframework.security.util.FilterChainProxy.doFilter(FilterChainProxy.java:175)
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:183)
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:138)

 

 

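In my Spring Security configuration file I had set access-denied-page="/commons/accessDenied.jsp".

I could not find the answer I was looking for online. Judging from the stack trace, org.springframework.security.AccessDeniedException was probably not handled by Spring Security but was instead intercepted by a Struts2 interceptor. The workaround is as follows: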

I added the following configuration to struts.xml:

<global-results>
    <result name="accessException">/commons/accessDenied.jsp</result>
</global-results>

<!-- Catch AccessDeniedException and forward to the corresponding page -->
<global-exception-mappings>
    <exception-mapping result="accessException" exception="org.springframework.security.AccessDeniedException" name="accessException"></exception-mapping>
</global-exception-mappings>

I have not thought of a better approach yet~
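An alternative to the global exception mapping above, as an added example that is not code from the original post: a Struts2 interceptor that maps the method-level AccessDeniedException to the same accessException result, sets HTTP 403 and logs which user was denied. The class, package and interceptor names are hypothetical; it assumes the Spring Security 2.x package names seen in the stack trace and is used instead of the global-exception-mappings entry.

```java
package example.security; // hypothetical package, not from the original post

import java.util.logging.Logger;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts2.ServletActionContext;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.Authentication;
import org.springframework.security.context.SecurityContextHolder;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

/**
 * Hypothetical interceptor: turns an AccessDeniedException raised by method
 * security during action invocation into the post's "accessException" global
 * result, keeping an audit log entry and a 403 status.
 *
 * Assumed struts.xml wiring (interceptor name is illustrative):
 *   <interceptor name="accessDenied" class="example.security.AccessDeniedInterceptor"/>
 *   <interceptor-ref name="accessDenied"/> placed ahead of defaultStack
 */
public class AccessDeniedInterceptor extends AbstractInterceptor {

    private static final long serialVersionUID = 1L;
    private static final Logger LOG = Logger.getLogger(AccessDeniedInterceptor.class.getName());

    /** Name of the global result declared in the post's struts.xml. */
    static final String DENIED_RESULT = "accessException";

    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        try {
            return invocation.invoke();
        } catch (AccessDeniedException denied) {
            Authentication auth = SecurityContextHolder.getContext().getAuthentication();
            String user = (auth != null) ? auth.getName() : "anonymous";
            LOG.warning("Access denied: user=" + user
                    + " action=" + invocation.getProxy().getActionName()
                    + " method=" + invocation.getProxy().getMethod());

            // Mark the response as 403 before the result forwards to the denied page.
            HttpServletResponse response = ServletActionContext.getResponse();
            if (!response.isCommitted()) {
                response.setStatus(HttpServletResponse.SC_FORBIDDEN);
            }
            return DENIED_RESULT;
        }
    }
}
```

If the global-exception-mappings entry stays in place, the stock exception interceptor in defaultStack handles the exception first and this interceptor never sees it.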

 

Comments
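#3 zhoujianghai 2010-06-01
If you configure it with Acegi, modifying ExceptionTranslationFilter yourself works well enough, but with Spring Security you would have to add a lot of other configuration~
#2 yunan246 2010-06-01
Hmm, I found that the AcegiSecurityException is thrown out of an InvocationTargetException, which is then thrown on as a ServletException. I modified the ExceptionTranslationFilter source and now it works.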
catch (ServletException ex) {
    if (ex.getRootCause() instanceof AuthenticationException
            || ex.getRootCause() instanceof AccessDeniedException) {
        handleException(request, response, chain, (AcegiSecurityException) ex.getRootCause());
    }
    else {
        // Unwrap an AccessDeniedException nested inside an InvocationTargetException
        if (ex.getRootCause() instanceof InvocationTargetException) {
            InvocationTargetException e = (InvocationTargetException) ex.getRootCause();
            if (e.getCause() instanceof AccessDeniedException) {
                handleException(request, response, chain, (AcegiSecurityException) e.getCause());
                return; // already handled; do not rethrow
            }
        }

        throw ex;
    }
}
#1 yunan246 2010-06-01
I ran into this problem too, but I am using struts1.29 and acegi1.07 and do not know how to deal with it.
