总结
先上自己的总结:如果自己学习 Spring Security,学习成本太高了。本菜鸡学了一个星期才弄明白一丢丢,一开始看大佬的博客,虽然能看懂,但是很多东西都不理解为什么这么做。只有自己去写一个demo(花费了好几天),才能彻底弄清楚。
1、处理没有权限
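/**
 * Handles access-denied failures by answering with a JSON error body.
 */
@Component
public class CustomizeAccessDeniedHandler implements AccessDeniedHandler {

    /**
     * Marks the response as 403 Forbidden and writes the {@code NO_PERMISSION} result as JSON.
     *
     * @param httpServletRequest the request that was denied
     * @param httpServletResponse the response that receives the status and the JSON body
     * @param e the exception that caused this handler to be invoked
     * @throws IOException if the response writer cannot be obtained or written to
     * @throws ServletException declared by the interface; not thrown by this implementation
     */
    @Override
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessDeniedException e) throws IOException, ServletException {
        // The handler previously never set a status, so a denied request left with the
        // response's default status (200). Access logs, proxies and alerting that key on
        // the status code then record the denial as a success. The JSON body is unchanged.
        httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);

        Result result = new Result().error(ResultCode.NO_PERMISSION);
        // NOTE(review): this constant is the problem+json media type, while the body is the
        // project's own Result object; confirm that clients expect this pairing.
        httpServletResponse.setContentType(MediaType.APPLICATION_PROBLEM_JSON_UTF8_VALUE);
        httpServletResponse.getWriter().write(JSON.toJSONString(result));
    }
}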
2、处理未登录授权
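/**
 * Handles requests that need authentication but carry none, by answering with a JSON error body.
 */
@Component
public class CustomizeAuthenticationEntryPoint implements AuthenticationEntryPoint {

    /**
     * Marks the response as 401 Unauthorized and writes a "please log in first" result as JSON.
     *
     * @param httpServletRequest the request that triggered the authentication requirement
     * @param httpServletResponse the response that receives the status and the JSON body
     * @param e the exception that caused this entry point to be invoked
     * @throws IOException if the response writer cannot be obtained or written to
     * @throws ServletException declared by the interface; not thrown by this implementation
     */
    @Override
    public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {
        // The entry point previously never set a status, so an unauthenticated request left
        // with the response's default status (200). Setting 401 lets clients, access logs and
        // alerting recognise the failure without parsing the body. The JSON body is unchanged.
        httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);

        // The body reuses ResultCode.NO_PERMISSION and only replaces the message, so the
        // 401 status is the reliable way to tell this case apart from an access-denied
        // response that carries the same result code.
        Result result = new Result().error(ResultCode.NO_PERMISSION);
        result.setMsg("未授权,请先登录");
        // NOTE(review): this constant is the problem+json media type, while the body is the
        // project's own Result object; confirm that clients expect this pairing.
        httpServletResponse.setContentType(MediaType.APPLICATION_PROBLEM_JSON_UTF8_VALUE);
        httpServletResponse.getWriter().write(JSON.toJSONString(result));
    }
}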
3、处理登录失败错误
/**
* 处理登录失败各种错误
*/
@Component
public class CustomizeAuthenticationFailureHandler implements AuthenticationFailureHandler {
@Override
public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {
HashMap<Class<? extends Exception>, Result> map = new HashMap<Class<? extends Exception>, Result>() {
{
put(AccountExpiredException.class, new Result().error(ResultCode.USER_ACCOUNT_EXPIRED)); //账号过期
put(BadCredentialsException.class, new Result().error(ResultCode.USER_CREDENTIALS_ERROR)); //密码错误
put(CredentialsExpiredException.class, new Result().error(ResultCode.USER_CREDENTIALS_EXPIRED)); //密码过期
put(DisabledException.class