- 授权失败处理
当用户请求资源服务的资源时,需要进行用户的认证和授权检查,当认证或授权检查失败,我们需要要返回自己的失败结果信息,可以通过HttpSecurity设置授权失败结果处理器,内部通过 ExceptionTranslationFilter 调用AuthenticationEntryPoint实现匿名用户授权失败结果处理, ExceptionTranslationFilter 通过 AccessDeniedHandler来处理授权失败结果处理
- 定义认证检查失败处理
①定义AccessDeniedHandler
AccessDeineHandler 用来解决认证过的用户访问无权限资源时的异常
package cn.x.th.config;
import cn.x.th.util.AjaxResult;//博客有这个工具类
import com.alibaba.fastjson.JSON;//博客有这个工具依赖
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
public class DefaultAccessDeniedHandler implements AccessDeniedHandler {
@Override
public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException {
String result = JSON.toJSONString(AjaxResult.me().setSuccess(false).setMessage("无访问权限"));
response.setContentType("text/html;charset=utf-8");
PrintWriter writer = response.getWriter();
writer.print(result);
writer.flush();
writer.close();
}
}
②定义AuthenticationEntryPoint
AuthenticationEntryPoint 用来解决匿名用户访问无权限资源时的异常
package cn.x.th.config;
import com.alibaba.druid.support.json.JSONUtils;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
public class MyAuthenticationEntryPoint implements AuthenticationEntryPoint {
@Override
public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {
e.printStackTrace();
httpServletResponse.setContentType("application/json;charset=utf-8");
Map<String,Object> result = new HashMap<>();
result.put("success",false);
result.put("message","登录失败,用户名或密码错误["+e.getMessage()+"]");
httpServletResponse.getWriter().print(JSONUtils.toJSONString(result));
}
}
③配置异常处理器(在WebSecurityConfig添加)
//异常处理
http.exceptionHandling()
.accessDeniedHandler(new DefaultAccessDeniedHandler ())
.authenticationEntryPoint(new MyAuthenticationEntryPoint());//身份认证验证失败配置