@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.apply(new HelloConfigurer<>())
.and()
.authorizeRequests()
.antMatchers("/error").permitAll()
.antMatchers("/temp").permitAll()
.withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {
@Override
public <O extends FilterSecurityInterceptor> O postProcess(O interceptor) {
AccessDecisionManager based = interceptor.getAccessDecisionManager();
interceptor.setAccessDecisionManager(new AccessDecisionManager() {
@Override
public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
if (authentication instanceof UserAuthenticateToken) {
for (GrantedAuthority authority : ((UserAuthenticateToken) authentication).getAuthorities()) {
if (authority.getAuthority().equals("DISABLED_USER")) {
throw new HelloUserDisabledException("用户无权限");
}
}
}
based.decide(authentication, object, configAttributes);
}
@Override
public boolean supports(ConfigAttribute attribute) {
return based.supports(attribute);
}
@Override
public boolean supports(Class<?> clazz) {
return based.supports(clazz);
}
});
return interceptor;
}
});
}
spring security重写权限不足提示
最新推荐文章于 2024-09-03 16:35:17 发布