springboot security 自定义 AuthenticationEntryPoint 和 AccessDeineHandler

原创 2018年04月17日 15:51:31

找了大半天的资料终于在国外的网站上找到了,相关问题,不过还好把security的认证流程和授权流程又重新看了遍:

AuthenticationEntryPoint 用来解决匿名用户访问无权限资源时的异常

AccessDeineHandler 用来解决认证过的用户访问无权限资源时的异常

配置类:

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled=true)
public class MyWebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;
    @Autowired
    private BCryptPasswordEncoder bCryptPasswordEncoder;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors()
            .and()
                .csrf().disable()
            .authorizeRequests()
                .antMatchers("/user/sign").permitAll().anyRequest().authenticated()
            .and()
                .addFilter(new JWTLoginFilter(authenticationManager()))
                .addFilter(new JwtAuthenticationFilter(authenticationManager()));
                //添加自定义异常入口,处理accessdeine异常
        http.exceptionHandling().authenticationEntryPoint(new CustomAuthenticationEntryPoint())
        .accessDeniedHandler(new CustomAccessDeineHandler());       
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder);
    }
}

之后,自定义AuthenticationEntryPoint的实现类:


import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;

import com.alibaba.fastjson.JSONObject;
import com.panku.common.domain.RestMsg;

public class CustomAuthenticationEntryPoint implements AuthenticationEntryPoint {

    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException authException) throws IOException, ServletException {
        response.setCharacterEncoding("utf-8");
        response.setContentType("text/javascript;charset=utf-8");
        response.getWriter().print(JSONObject.toJSONString(RestMsg.error("没有访问权限!")));
    }

}

自定义,AccessDeineHandler:

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;

import com.alibaba.fastjson.JSONObject;
import com.panku.common.domain.RestMsg;

public class CustomAccessDeineHandler implements AccessDeniedHandler {

    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response,
            AccessDeniedException accessDeniedException) throws IOException, ServletException {
        response.setCharacterEncoding("utf-8");
        response.setContentType("text/javascript;charset=utf-8");
        response.getWriter().print(JSONObject.toJSONString(RestMsg.error("没有访问权限!")));
    }

}

Spring Security-认证过程的发起(ExceptionTranslationFilter,AuthenticationEntryPoint)

发起的条件:      用户访问资源时,发生授权异常(AuthenticationException)或认证异(AccessDeniedException),ExceptionTranslationF...
  • kaikai8552
  • kaikai8552
  • 2009-02-24 15:16:00
  • 13451

SpringSecurity学习四-自定义Login请求和返回的数据格式

完美解决了Spring Security自定义Login请求,自定义Login返回内容及其数据格式的需求。...
  • lee353086
  • lee353086
  • 2016-09-21 17:26:30
  • 6882

Spring Security Basic Authentication

原文地址:http://www.javaarch.net/jiagoushi/696.htm Spring Security Basic Authentication spring secur...
  • zhongweijian
  • zhongweijian
  • 2013-06-02 16:13:37
  • 4994

spring-security错误记录(1)

记录spring-security错误: 严重: Context initialization failed org.springframework.beans.factory.parsing.Be...
  • u011080848
  • u011080848
  • 2015-03-29 19:41:31
  • 2030

Spring Security调研记录【二】--实现异步Json请求的基本认证与Url权限控制

Spring Security、异步请求、登录、认证、权限控制、json
  • lld2002
  • lld2002
  • 2015-05-25 19:20:39
  • 3320

springboot + security 自定义登陆校验Filter

默认的登陆校验Filter是UsernamePasswordAuthenticationFilter,实现顺序是 AbstractAuthenticationProcessingFilter.doF...
  • mushuntaosama
  • mushuntaosama
  • 2017-12-26 17:44:13
  • 437

16.玩转Spring Boot 使用Spring security 集成CAS

玩转Spring Boot 使用Spring security 集成CAS 在上一篇中说了Spring Boot 使用Spring security,在这一篇中将讲讲Spring security ...
  • cl_andywin
  • cl_andywin
  • 2017-01-03 22:38:47
  • 12201

在Spring Boot中整合Spring Security并自定义验证代码

最终效果 1、实现页面访问权限限制 2、用户角色区分,并按照角色区分页面权限 3、实现在数据库中存储用户信息以及角色信息 4、自定义验证代码...
  • tzdwsy
  • tzdwsy
  • 2016-02-25 15:58:06
  • 33393

spring boot + mybatis + spring security(自定义登录界面)环境搭建

例子可以在 码云上下载:https://gitee.com/aqu415/twboot.git概述在前不久用了spring boot、mybatis、spring security搭建了一个工程,中间...
  • Aqu415
  • Aqu415
  • 2017-12-03 22:11:16
  • 2182
收藏助手
不良信息举报
您举报文章:springboot security 自定义 AuthenticationEntryPoint 和 AccessDeineHandler
举报原因:
原因补充:

(最多只允许输入30个字)