在handler包下:
package com.wyt.handler;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.stereotype.Component;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
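/**
 * Access-denied handler that replies with HTTP 403 and a small JSON error body
 * instead of the default error page.
 *
 * <p>Spring Security invokes an {@link AccessDeniedHandler} when an authenticated
 * user lacks the authority required for a request. Requests from unauthenticated
 * users are normally routed to the authentication entry point instead, so this
 * handler does not replace the login redirect.
 */
@Component
public class MyAccess implements AccessDeniedHandler {

    /**
     * Writes the 403 status and a fixed JSON message to the response.
     *
     * @param httpServletRequest the request that was refused (not read here)
     * @param httpServletResponse the response that receives the status and JSON body
     * @param e the authorization failure; its details are not echoed to the client
     * @throws IOException if the response writer cannot be obtained or written
     * @throws ServletException declared by the interface; not thrown by this implementation
     */
    @Override
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessDeniedException e) throws IOException, ServletException {
        // Once the response is committed the status and headers can no longer be
        // changed, so there is nothing useful left to write.
        if (httpServletResponse.isCommitted()) {
            return;
        }
        httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
        // Must be set before getWriter(): without an explicit charset the servlet
        // writer defaults to ISO-8859-1 and the Chinese message reaches the client
        // as '?' characters. Declaring JSON also keeps browsers from rendering the
        // body as HTML.
        httpServletResponse.setContentType("application/json;charset=UTF-8");
        PrintWriter writer = httpServletResponse.getWriter();
        // Fixed, generic message: the exception text is kept out of the response so
        // that the client learns nothing about which rule refused the request.
        writer.write("{\"status\":\"error\",\"msg\":\"权限不足,请联系管理 员!\"}");
        writer.flush();
        writer.close();
    }
}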
修改配置
// Exception handling: hand authorization failures (403) to the custom MyAccess handler.
http.exceptionHandling().accessDeniedHandler(myAccess);
package com.wyt.config;
import com.wyt.handler.MyAccess;
import com.wyt.handler.MyAuth;
import com.wyt.handler.MyAuthF;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
/**
 * Spring Security configuration for the demo: form login, URL authorization
 * rules, CSRF setting, access-denied handling and the password encoder bean.
 *
 * <p>NOTE(review): {@code WebSecurityConfigurerAdapter} is deprecated in newer
 * Spring Security releases in favour of a {@code SecurityFilterChain} bean;
 * confirm which version this project targets before copying the pattern.
 */
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // Handler that writes the JSON 403 body; registered in configure() below.
    @Autowired
    private MyAccess myAccess;

    /**
     * Builds the HTTP security rules. The call order is kept exactly as in the
     * original statements; only the separate statements are joined with
     * {@code and()}.
     *
     * @param http the builder supplied by Spring Security
     * @throws Exception if any configurer rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // --- Form login ---
            .formLogin()
                // URL the login form posts to; handled by Spring Security itself.
                .loginProcessingUrl("/login")
                // MyAuthF / MyAuth are project classes defined elsewhere; presumably they
                // send the browser to the given page after a failed / successful login.
                .failureHandler(new MyAuthF("/fail.html"))
                // Alternative kept from the original: .failureForwardUrl("/fail")
                // NOTE(review): "/mian.html" may be a typo for "/main.html"; confirm the page exists.
                .successHandler(new MyAuth("/mian.html"))
                .loginPage("/login.html")
            .and()
            // --- URL interception (authorization): matching rule + access rule ---
            // Matchers are evaluated in declaration order and the first match wins,
            // so the specific paths must stay above anyRequest().
            .authorizeRequests()
                // The login page and the failure page are reachable without logging in.
                .antMatchers("/login.html").permitAll()
                .antMatchers("/fail.html").permitAll()
                // Alternative kept from the original: .antMatchers("/main1.html").hasAuthority("admin")
                // hasRole() prepends "ROLE_", so the user needs the authority "ROLE_abC";
                // the comparison is case-sensitive.
                .antMatchers("/main1.html").hasRole("abC")
                // Every other request requires an authenticated (logged-in) user.
                .anyRequest().authenticated()
            .and()
            // --- CSRF protection switched off ---
            // NOTE(review): login here is session-based, so with CSRF disabled any
            // state-changing endpoint can be driven by a cross-site request from a
            // logged-in user's browser. Fine for a demo whose static login page sends
            // no token; for real deployments keep CSRF enabled and add the token to the forms.
            .csrf().disable()
            // --- Exception handling ---
            // Authenticated users who fail an authorization rule get the JSON 403 from MyAccess.
            .exceptionHandling()
                .accessDeniedHandler(myAccess);
    }

    /**
     * Chooses the password hashing algorithm used to verify stored passwords.
     *
     * @return a BCrypt encoder (salted, adaptive hash) with the library's default strength
     */
    @Bean
    public PasswordEncoder getPe() {
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        return encoder;
    }
}