我結束了創建一個自定義的訪問決策管理器,類似於AffirmativeBased訪問決策管理:
public class ConfigAttributesIncludedInExceptionAffirmativeBasedAccessDecisionManager extends AbstractAccessDecisionManager
內碼是一樣的AffirmativeBased代碼(小班反正)和而不是拋出一個AccessDeniedException ,我拋出一個自定義的AccessDeniedException。
throw new AccessDeniedExceptionWithConfigAttributes(messages.getMessage("AbstractAccessDecisionManager.accessDenied", "Access is denied"), configAttributes);
自定義訪問被拒絕的異常只是擴展了AccessDeniedException類,並且有一個名爲configAttributes的屬性。
public class AccessDeniedExceptionWithConfigAttributes extends AccessDeniedException
{
private static final long serialVersionUID = 8733424338864969263L;
private Collection<ConfigAttribute> configAttributes;
public AccessDeniedExceptionWithConfigAttributes (String msg)
{
super(msg);
}
public AccessDeniedExceptionWithConfigAttributes (String msg, Throwable t)
{
super(msg, t);
}
public AccessDeniedExceptionWithConfigAttributes (String msg, Collection<ConfigAttribute> configAttributes)
{
super(msg);
this.setConfigAttributes(configAttributes);
}
public Collection<ConfigAttribute> getConfigAttributes()
{
return configAttributes;
}
public void setConfigAttributes(Collection<ConfigAttribute> configAttributes)
{
this.configAttributes = configAttributes;
}
}
從那裏,我可以簡單地查一下我的AccessDeniedHandler類AccessDeniedException異常是否是我的自定義異常類的實例,如果是的話,申請我需要什麼邏輯。
if(ade instanceof AccessDeniedExceptionWithConfigAttributes)
{
AccessDeniedExceptionWithConfigAttributes adeca = (AccessDeniedExceptionWithConfigAttributes) ade;
...
}
正是我想要的。但是,如果這不是這樣做的正確方法,我希望聽到它。