1、自定义一个过滤器
@Component
public class GlobalExceptionHandlerFilter implements Filter {
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
throws IOException, ServletException {
try {
filterChain.doFilter(servletRequest,servletResponse);
}catch (Exception e){
/**
* 捕捉出现的异常,根据自己的需求进行处理
* ResultEntity 自定义的响应结果封装类
* SCSException 自定义异常
*/
servletResponse.setCharacterEncoding("UTF-8");
ResultEntity resultEntity = null;
if (e instanceof SCSException){
SCSException exception = (SCSException) e;
resultEntity = ResultEntity.error(exception.getCode(),exception.getMessage());
}else {
resultEntity = ResultEntity.error(11111,"其它异常:"+e.getMessage());
}
servletResponse.getWriter().write(JSONObject.toJSONString(resultEntity));
}
}
}
2、自定义spring security配置类中,添加我们自定义的过滤器
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
private final GlobalExceptionHandlerFilter globalExceptionHandlerFilter;
public WebSecurityConfig(GlobalExceptionHandlerFilter globalExceptionHandlerFilter) {
this.globalExceptionHandlerFilter = globalExceptionHandlerFilter;
}
@Override
protected void configure(HttpSecurity security) throws Exception {
security.addFilterBefore(globalExceptionHandlerFilter, ChannelProcessingFilter.class);
}
}
3、原理
security.addFilterBefore(globalExceptionHandlerFilter, ChannelProcessingFilter.class);
就是在 spring security 过滤器之前加入我们自定义的异常捕捉过滤器,这样就不会被spring security 的过滤器捕捉了,而 ChannelProcessingFilter过滤器是官网定义的过滤器链的第一个,因为它可能需要重定向到不同的协议。