Springboot+Security用户无权限返回自定义信息

最新推荐文章于 2023-09-15 08:45:08 发布

别让☞流星☜迷路

最新推荐文章于 2023-09-15 08:45:08 发布

阅读量6.5k

点赞数 3

分类专栏：技术博客文章标签： Springboot+security 自定义403错误

技术博客专栏收录该内容

3 篇文章 0 订阅

订阅专栏

@Springboot+Security用户无权限返回自定义信息

返回信息分为跳转自定义页面和字符串提醒

返回信息分为跳转自定义页面和字符串提醒,这里我将都介绍并将自己遇到的问题做出解释

返回自定义界面提示

只需要修改启动类

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.context.embedded.EmbeddedServletContainerCustomizer;
import org.springframework.boot.web.servlet.ErrorPage;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

import com.example.App.security.UserService;

@SpringBootApplication
@ComponentScan(basePackages =“com.example.App”)
@EnableAutoConfiguration
public class LoginApplication extends WebMvcConfigurerAdapter {

public static void main(String[] args) {
	// TODO Auto-generated method stub
	SpringApplication.run(LoginApplication.class, args);
}

 @Bean
    public UserDetailsService userDetailsService() {
        return new UserService();
    }
    /**
     * 自定义异常页
     */
 @Bean
 public EmbeddedServletContainerCustomizer containerCustomizer() {

    return (container -> {
         //可以定义多个自定义页面
         //注意:如果使用thymeleaf错误页面默认src/main/resources/templates/error路径下
         //否则在main/resources/static路径下
         //具体关于页面路径问题请详细阅读https://blog.csdn.net/w995223851/article/details/88350054
         ErrorPage error403Page = new ErrorPage(HttpStatus.UNAUTHORIZED, "/403.html");
         ErrorPage error404Page = new ErrorPage(HttpStatus.NOT_FOUND, "/404.html");
         //参数可变
         container.addErrorPages(error403Page,error404Page);
    });
 }
    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
    }

}

返回自定义消息提示

新建MyAccessDeniedHandler类实现AccessDeniedHandler接口

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.stereotype.Component;

无权限用户提示设置
*/
@Component
public class MyAccessDeniedHandler implements AccessDeniedHandler {

@Override
public void handle(HttpServletRequest request, HttpServletResponse response,AccessDeniedException accessDeniedException) throws IOException, ServletException {
```
 //返回json形式的错误信息        
 response.setCharacterEncoding("UTF-8");
 response.setContentType("application/json");
 response.getWriter().println("我愚蠢的弟弟啊 ! 你跑错厕所了 ! ");
 response.getWriter().flush();
```
}

}

2.在继承了WebSecurityConfigurerAdapter 的WebSecurityConfig类中添加和修改

添加
@Bean
public AccessDeniedHandler getAccessDeniedHandler() {
return new MyAccessDeniedHandler();
}
修改 configure(HttpSecurity http)方法
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
//无权限用户提示字符串消息设置
.exceptionHandling()
// getAccessDeniedHandler()是上文的方法
.accessDeniedHandler(getAccessDeniedHandler())
//and()是连接不同配置的
.and()
…