一、环境准备
【Spring Security Oauth2】构建资源服务器(一):构建服务
二、默认响应数据和自定义响应数据对比
1、默认响应数据
- 请求头中未传入token
- 请求头中传入错误token
- 请求头中传入正确token,但是该token没有该接口的权限
2、自定义响应数据
- 请求头中未传入token
- 请求头中传入错误token
- 请求头中传入正确token,但是该token没有该接口的权限
三、代码修改
1、新增UserAccessDeniedHandler类和UserAuthenticationEntryPoint类,分别实现AccessDeniedHandler接口和AuthenticationEntryPoint接口。前者在已认证用户访问无权限的资源时被调用,后者在请求未携带token或token校验失败时被调用。
package com.cyun.sys.config.access;
import com.cyun.core.result.HttpStatus;
import com.cyun.core.result.ResultVO;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.stereotype.Component;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
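/**
 * Handles requests from an authenticated caller that is not permitted to use the requested
 * resource, answering with the project's {@code ResultVO} payload.
 *
 * @author panfu.he
 */
@Component
public class UserAccessDeniedHandler implements AccessDeniedHandler {

    /**
     * Marks the response as 403 Forbidden and writes the access-denied payload.
     *
     * @param httpServletRequest  the rejected request (not read here)
     * @param httpServletResponse the response that receives the status and body
     * @param e                   the authorization failure; its message is not written to the response
     * @throws IOException if the response writer cannot be obtained
     */
    @Override
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessDeniedException e) throws IOException {
        // This handler is the only place the status line gets set for a denied request.
        // Without it the denial is sent with the container's default 200 OK, so clients,
        // gateways and alerting that key on the HTTP status cannot tell it from success.
        httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
        httpServletResponse.setContentType("text/json;charset=utf-8");
        // NOTE(review): the body still carries the project's SC_UNAUTHORIZED code although this
        // is an authorization failure; switch to the project's "forbidden" constant if
        // com.cyun.core.result.HttpStatus defines one, so body and status line agree.
        // NOTE(review): print(Object) writes ResultVO's toString(); presumably that renders
        // JSON, confirm against ResultVO.
        httpServletResponse.getWriter().print(ResultVO.error(HttpStatus.SC_UNAUTHORIZED, "访问权限认证未通过!!!"));
    }
}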
package com.cyun.sys.config.access;
import com.cyun.core.result.HttpStatus;
import com.cyun.core.result.ResultVO;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.stereotype.Component;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
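/**
 * Handles requests that fail authentication (no token, or a token that does not validate),
 * answering with the project's {@code ResultVO} payload.
 *
 * @author panfu.he
 */
@Component
public class UserAuthenticationEntryPoint implements AuthenticationEntryPoint {

    /**
     * Marks the response as 401 Unauthorized and writes the authentication-failed payload.
     *
     * @param httpServletRequest  the rejected request (not read here)
     * @param httpServletResponse the response that receives the status, challenge header and body
     * @param e                   the authentication failure; its message is not written to the response
     * @throws IOException if the response writer cannot be obtained
     */
    @Override
    public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException {
        // This entry point is the only place the status line gets set for an unauthenticated
        // request. Without it the failure is sent with the container's default 200 OK.
        httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        // A 401 response carries a challenge naming the expected scheme; this resource server
        // expects bearer tokens.
        httpServletResponse.setHeader("WWW-Authenticate", "Bearer");
        httpServletResponse.setContentType("text/json;charset=utf-8");
        // The body code was SC_PROXY_AUTHENTICATION_REQUIRED (407), which describes a proxy
        // challenge. A missing or invalid token at the resource server is 401.
        // NOTE(review): print(Object) writes ResultVO's toString(); presumably that renders
        // JSON, confirm against ResultVO.
        httpServletResponse.getWriter().print(ResultVO.error(HttpStatus.SC_UNAUTHORIZED, "身份认证失败!!!"));
    }
}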
2、修改ResourceServerConfig类的configure(ResourceServerSecurityConfigurer resources)资源管理方法。
// Injected dependencies: the custom handlers passed to the resource-server configurer in
// configure(ResourceServerSecurityConfigurer). The fields are final, so they are presumably
// set through the constructor (not shown in this excerpt).
private final UserAuthenticationEntryPoint userAuthenticationEntryPoint;
private final UserAccessDeniedHandler userAccessDeniedHandler;
/**
 * Configures the resource server: its resource id, the token validation service and the
 * handlers that produce the authentication-failure and access-denied responses.
 *
 * @param resources the resource-server configurer to populate
 */
@Override
public void configure(ResourceServerSecurityConfigurer resources) {
    // Resource id of this server.
    resources.resourceId(RESOURCE_ID);
    // Service that validates incoming tokens (tokenService() is defined outside this excerpt).
    resources.tokenServices(tokenService());
    // Response for requests with a missing or invalid token.
    resources.authenticationEntryPoint(userAuthenticationEntryPoint);
    // Response for authenticated requests that lack permission for the resource.
    resources.accessDeniedHandler(userAccessDeniedHandler);
}