当用户发起了一个请求的时候,如果没有对应的权限或者角色,会返回一个默认的拦截页面,我们可以自定义一个处理403异常的方法
--自定义异常403处理方法 当请求被拒绝的时候就会执行
@Component
public class MyAccessDeniedHandle implements AccessDeniedHandler{
@Override
public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessDeniedException e) throws IOException, ServletException {
httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN); // 设置返回状态为403
httpServletResponse.setHeader("Content-Type","application/json;charset=utf-8");
PrintWriter out = httpServletResponse.getWriter();
out.write("{\"status\":\"error\",\"msg\":\"权限不足,请联系管理员!\"}");
out.flush();
out.close();
}
}
在配置类里面再加上下面这段
@Autowired
private MyAccessDeniedHandle myAccessDeniedHandler;
http.exceptionHandling()
// .accessDeniedHandler(myAccessDeniedHandler); 返回json请求
.accessDeniedPage("/showAccessDenied") // 返回页面 只适用非前端框架的方式,适用于同步请求方式,所有异步使用AccessDeniedHandler