1

我的 web.xml 中有以下安全约束

<security-constraint>
    <display-name>Admin Pages</display-name>
    <web-resource-collection>

        <web-resource-name>Protected Admin Area</web-resource-name>
        <description/>
        <url-pattern>/administrator/*</url-pattern>
        <url-pattern>/faces/backend/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
        <http-method>HEAD</http-method>
        <http-method>PUT</http-method>
        <http-method>OPTIONS</http-method>
        <http-method>TRACE</http-method>
        <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint>
        <description/>
        <role-name>administrator</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>

它工作正常。但我想重定向用户(已经登录的用户具有一些分配角色但不是角色管理员)。在这种情况下。当用户尝试访问 url http://mywebap//administrator/ * 他从服务器得到响应

403 Forbiden.

我不会在这里显示它,而是将用户重定向到一些更友好的视图。有可能的?

4

1 回答 1

1

只需将所需页面配置为web.xml.

<error-page>
    <error-code>403</error-code>
    <location>/WEB-INF/errorpages/403.xhtml</location>
</error-page>

这假设您已经涵盖*.xhtml了. 并且,它被放置以防止直接访问FacesServlet/WEB-INF

于 2015-05-26T15:28:07.373 回答