第一次故意输错密码
第二次使用admin登入,然后访问user页面的getUser
统一定义返回
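/**
 * Writes the application's uniform JSON error body to a servlet response.
 *
 * @author yaozhongjie
 * Date: 2019/7/3 20:44
 */
public class Render {
    /**
     * Serializes {@code Result.error(msg)} to JSON and writes it as the response body.
     *
     * <p>The message goes through the JSON serializer rather than string concatenation,
     * so quotes and control characters in {@code msg} are escaped by the serializer.
     * This method does not set the HTTP status code; a caller that needs a 401/403
     * must set it on the response before calling.
     *
     * @param msg                 text placed in the {@code msg} field of the error result
     * @param httpServletResponse response to write to; its writer is closed on return
     */
    public static void respJson(String msg, HttpServletResponse httpServletResponse) {
        httpServletResponse.setContentType("application/json");
        httpServletResponse.setCharacterEncoding("utf-8");
        // try-with-resources closes the writer exactly once. The previous finally block
        // called writer.close() even when getWriter() had thrown and writer was still
        // null, which raised a NullPointerException that hid the original failure.
        try (PrintWriter writer = httpServletResponse.getWriter()) {
            writer.write(JSON.toJSONString(Result.error(msg), SerializerFeature.WriteMapNullValue));
            writer.flush();
        } catch (IOException e) {
            // Best effort: the client may already have disconnected, so the failure is
            // reported on stderr and not propagated to the security filter chain.
            e.printStackTrace();
        }
    }
}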
Result类标准化输出。需要lombok插件
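/**
 * Uniform response envelope: a numeric code, a message and an optional payload.
 * Accessors are generated by Lombok's {@code @Data}.
 *
 * @author yaozhongjie
 * Date: 2019/6/28 9:56
 *
 * @param <T> type of the payload carried in {@code data}
 */
@Data
public class Result<T> {
    // 0 for success, -1 for error (the only values the factories below assign).
    private Integer code;
    // Text returned to the client; callers should pass a fixed message rather than
    // exception detail, because this field is serialized into the response as-is.
    private String msg;
    // Payload; stays null for message-only results.
    private T data;

    /**
     * Builds a success result (code 0) that carries only a message.
     *
     * @param msg message to return
     * @param <T> payload type expected by the caller; {@code data} stays null
     * @return the new result
     */
    public static <T> Result<T> success(String msg) {
        // Parameterized instead of the raw type, so the compiler checks the payload type.
        Result<T> result = new Result<>();
        result.code = 0;
        result.msg = msg;
        return result;
    }

    /**
     * Builds a success result (code 0, message "success") carrying a JSON payload.
     *
     * @param data payload to return
     * @return the new result
     */
    public static Result<JSONObject> success(JSONObject data) {
        Result<JSONObject> result = new Result<>();
        result.code = 0;
        result.msg = "success";
        result.data = data;
        return result;
    }

    /**
     * Builds an error result (code -1) with the given message and no payload.
     *
     * @param msg message to return
     * @param <T> payload type expected by the caller; {@code data} stays null
     * @return the new result
     */
    public static <T> Result<T> error(String msg) {
        Result<T> result = new Result<>();
        result.code = -1;
        result.msg = msg;
        return result;
    }
}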
添加权限异常处理
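/**
 * Answers an authorization failure with the application's JSON error body instead of
 * an error page.
 *
 * @author yaozhongjie
 * Date: 2019/7/3 20:37
 */
@Component
public class MyAccessDeniedHandler implements AccessDeniedHandler {
    /**
     * Writes a fixed "access denied" JSON body with HTTP status 403.
     *
     * @param httpServletRequest  the rejected request (not inspected)
     * @param httpServletResponse response that receives the status and JSON body
     * @param e                   the denial; its message is not sent to the client
     */
    @Override
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessDeniedException e) throws IOException, ServletException {
        // Render.respJson leaves the status untouched, so without this line a denied
        // request is answered with 200 OK. Access logs, proxies and monitoring that key
        // on the status code would then record the denial as a success. The JSON body
        // is unchanged.
        httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
        Render.respJson("无权访问",httpServletResponse);
    }
}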
添加认证失败处理
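/**
 * Answers a failed login with the application's JSON error body instead of a redirect.
 *
 * @author yaozhongjie
 * Date: 2019/7/3 20:43
 */
@Component
public class MyAuthenticationFailureHandler implements AuthenticationFailureHandler {
    /**
     * Writes a fixed "authentication failed" JSON body with HTTP status 401.
     *
     * <p>The same message is returned for every failure cause, so the response does not
     * reveal whether the username or the password was wrong.
     *
     * @param httpServletRequest  the login request (not inspected)
     * @param httpServletResponse response that receives the status and JSON body
     * @param e                   the failure; its message is not sent to the client
     */
    @Override
    public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {
        // Render.respJson leaves the status untouched, so without this line a failed
        // login is answered with 200 OK and is indistinguishable from a success for
        // anything that reads only the status code. The JSON body is unchanged.
        httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        // NOTE(review): the failure is not logged here; confirm that failed logins are
        // recorded elsewhere so repeated attempts can be detected.
        Render.respJson("认证失败",httpServletResponse);
    }
}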
httpSecurity中配置异常处理器
/*
@Autowired
MyAccessDeniedHandler accessDeniedHandler;
@Autowired
MyAuthenticationFailureHandler authenticationFailureHandler;
*/
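/**
 * Declares the URL authorization rules and registers the JSON handlers for failed
 * logins and denied requests.
 *
 * <p>Matchers are evaluated in declaration order and the first match decides, so the
 * role rules must stay above {@code anyRequest()}.
 *
 * @param http security builder supplied by the framework
 * @throws Exception if the builder rejects the configuration
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            // "/**" instead of "/*": a single "*" matches only one path segment, so a
            // nested URL such as /admin/a/b would skip the role rule and fall through to
            // anyRequest().authenticated(), where any logged-in user is allowed.
            .mvcMatchers("/data/**").hasRole("ADMIN")
            .mvcMatchers("/admin/**").hasRole("ADMIN")
            .mvcMatchers("/user/**").hasRole("USER")
            // Everything not listed above still requires a logged-in user.
            .anyRequest()
            .authenticated();

    // The authentication (login) failure handler is registered on the form-login configurer.
    http.formLogin().failureHandler(authenticationFailureHandler).permitAll();

    // The authorization (access denied) handler is registered on exception handling.
    http.exceptionHandling()
            .accessDeniedHandler(accessDeniedHandler);
}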