认证异常处理
@Component
public class Renzheng implements AuthenticationEntryPoint {
@Override
public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {
ResponseResult result=new ResponseResult<>(HttpStatus.UNSUPPORTED_MEDIA_TYPE.value(), "用户账号密码错误");
WebUtils.renderString(httpServletResponse, JSON.toJSONString(result));
}
}
授权异常处理
@Component
public class AccessDeniedExceptionImpl implements AccessDeniedHandler {
@Override
public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessDeniedException e) throws IOException, ServletException {
ResponseResult result=new ResponseResult<>(400,"授权失败");
WebUtils.renderString(httpServletResponse,JSON.toJSONString(result));
}
}
添加异常处理
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter;
@Autowired
private AccessDeniedExceptionImpl accessDeniedException;
@Autowired
private Renzheng renzheng;
@Bean
public BCryptPasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
//关闭csrf
.csrf().disable()
//不通过Session获取SecurityContext
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
// 对于登录接口 允许匿名访问
.antMatchers("/user/login").anonymous()
// 除上面外的所有请求全部需要鉴权认证
.anyRequest().authenticated();
http.addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
http.exceptionHandling()
//认证处理
.authenticationEntryPoint(renzheng)
//异常处理
.accessDeniedHandler(accessDeniedException);
}
标签:http,自定义,class,ResponseResult,httpServletResponse,SpringSecurity,失败,result,publi
From: https://www.cnblogs.com/fubai/p/18442937