SpringSecurity权限认证(二)
当未登陆或者token失效时访问接口时,自定的返回结果
当用户未登录时,不希望返回错误信息,而返回自定义结果时,就需要自行进行配置,在SecurityConfig进行配置。
@Autowired
private RestAuthorizationEntryPoint restAuthorizationEntryPoint;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/login")
.permitAll()
.anyRequest()
.authenticated()
.and()
.headers()
.cacheControl();
http.csrf().disable();
//添加自定义未授权和未登录结果返回
http.exceptionHandling()
.authenticationEntryPoint(restAuthorizationEntryPoint);
}
创建RestAuthorizationEntryPoint 实现 AuthenticationEntryPoint接口
package com.bep.server.config.security;
import com.bep.server.pojo.Result;
import com.f