问题
In a Spring MVC (3.2.4) application with Spring Security (3.2.0.RC2) with Sitemesh (2.4.2), the web.xml file has this entry:
<error-page>
<error-code>403</error-code>
<location>/error?code=403</location>
</error-page>
which maps to ErrorController:
@RequestMapping("error")
public String displayErrorPage(
@RequestParam(value = "code", defaultValue = "0") int code,
Model model, final HttpServletRequest request, Principal principal) {
// ...
return "errorPage";
}
which displays errorPage.jsp via an InternalResourceViewResolver (there are no other view resolvers in the app).
The security works fine and errorPage.jsp is displayed when an unauthorized user tries to access a secured page, but the the page is not decorated. Every other page in the application is decorated without any issues and errorPage.jsp lives in the same directory as other JSPs that are decorated without any problems. This application is using the Servlet 3.0 spec.
回答1:
This seems to be a Sitemesh bug (see: http://forum.spring.io/forum/spring-projects/security/37742-sitemesh-decoration-problem) that can be solved via a redirect. For various reasons I did not want to do the redirect from within the JSP page, so I changed my controller:
@RequestMapping("error")
public String displayErrorPage(
@RequestParam(value = "code", defaultValue = "0") int code,
RedirectAttributes redirectAttributes, final HttpServletRequest request,
Principal principal) {
// ...
redirectAttributes.addFlashAttribute("myAttribute", myAttribute);
return "redirect:/displayError";
}
@RequestMapping("displayError")
public String displayError() {
return "errorPage";
}
来源:https://stackoverflow.com/questions/19907706/custom-error-page-not-decorated-by-sitemesh-in-spring-security-application