Spring Security OAuth2认证资源服务器异常处理

两个异常处理的接口

AuthenticationEntryPoint:用来处理匿名用户(未通过认证的请求)访问受保护资源时的异常,也就是与 token 相关的认证异常,例如未携带 token 或 token 无效
AccessDeniedHandler:用来处理已通过认证的用户访问其无权访问的资源时的异常,主要与权限控制相关

自定义AuthenticationEntryPoint异常处理类

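/**
 * Handles the failure raised when an anonymous (unauthenticated) caller requests a
 * protected resource, by writing a JSON error response.
 *
 * <p>Package: cn.appblog.security.oauth2.handler.UserAuthenticationEntryPoint
 *
 * @version 1.0
 */
@Component
public class UserAuthenticationEntryPoint implements AuthenticationEntryPoint {

    /**
     * Writes the status and message of {@code HttpStatusMsg.AUTHENTICATION_EXCEPTION}
     * to the response as JSON.
     *
     * @param request the request that failed authentication (not read here)
     * @param response the response the JSON error body is written to
     * @param e the authentication failure; deliberately not echoed to the client
     * @throws IOException if writing the response body fails
     * @throws ServletException declared by the interface; not thrown by this body
     */
    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException e) throws IOException, ServletException {
        // Security: do not append e.toString() to the client-facing message. It would
        // hand an unauthenticated caller the exception class name and its internal
        // message, which may explain why a token was rejected or echo request data
        // back into the response. Only the fixed message is returned; record `e` with
        // the application's server-side logger if diagnostics are needed.
        HttpUtils.writeError(
                BaseResponse.createResponse(
                        HttpStatusMsg.AUTHENTICATION_EXCEPTION.getStatus(),
                        HttpStatusMsg.AUTHENTICATION_EXCEPTION.getMessage()),
                response);
    }
}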

自定义AccessDeniedHandler接口实现类

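/**
 * Handles the failure raised when an authenticated user requests a resource they
 * are not permitted to access, by writing a JSON error response.
 *
 * <p>Package: cn.appblog.security.oauth2.handler.UserAccessDeniedHandler
 *
 * @version 1.0
 */
@Component
public class UserAccessDeniedHandler implements AccessDeniedHandler {

    /**
     * Writes the status and message of {@code HttpStatusMsg.ACCESS_DENIDED_EXCEPTION}
     * to the response as JSON.
     *
     * @param request the request that was denied (not read here)
     * @param response the response the JSON error body is written to
     * @param e the access-denied failure; deliberately not echoed to the client
     * @throws IOException if writing the response body fails
     * @throws ServletException declared by the interface; not thrown by this body
     */
    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException e) throws IOException, ServletException {
        // Security: do not append e.toString() to the client-facing message. It would
        // expose the exception class name and internal message of the authorization
        // layer to the caller. Only the fixed message is returned; record `e` with the
        // application's server-side logger if diagnostics are needed.
        HttpUtils.writeError(
                BaseResponse.createResponse(
                        HttpStatusMsg.ACCESS_DENIDED_EXCEPTION.getStatus(),
                        HttpStatusMsg.ACCESS_DENIDED_EXCEPTION.getMessage()),
                response);
    }
}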

相关工具方法

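public class HttpUtils {
    /**
     * Content-Type sent with every body written by this class. The charset parameter
     * must be separated from the media type by ';'. With a ',' the header value is
     * not a well-formed media type, so a client may not treat the body as JSON.
     */
    private static final String JSON_CONTENT_TYPE = "application/json;charset=utf-8";

    /**
     * Shared serializer. ObjectMapper is safe to share across threads once
     * configured, and creating one per response is needlessly expensive.
     */
    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();

    /**
     * Writes an error response as JSON.
     *
     * @param bs the response object; its status becomes the HTTP status code
     * @param response the servlet response to write to
     * @throws IOException if serializing or writing the body fails
     */
    public static void writeError(BaseResponse bs, HttpServletResponse response) throws IOException {
        writeJson(bs, response);
    }

    /**
     * Writes a success response as JSON.
     *
     * @param bs the response object; its status becomes the HTTP status code
     * @param response the servlet response to write to
     * @throws IOException if serializing or writing the body fails
     */
    public static void writeSuccess(BaseResponse bs, HttpServletResponse response) throws IOException {
        writeJson(bs, response);
    }

    /** Sets the content type and status, then serializes {@code bs} into the response body. */
    private static void writeJson(BaseResponse bs, HttpServletResponse response) throws IOException {
        // Headers and status are set before the body is written to the output stream.
        response.setContentType(JSON_CONTENT_TYPE);
        response.setStatus(bs.getStatus());
        OBJECT_MAPPER.writeValue(response.getOutputStream(), bs);
    }
}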
@Data
public class BaseResponse implements Serializable {
    // Status code of the response; HttpUtils also uses it as the HTTP status.
    private int status;
    // Human-readable message returned to the client.
    private String message;
    // Optional payload; omitted from the JSON output when null.
    @JsonInclude(JsonInclude.Include.NON_NULL)
    private Object data;

    /**
     * Creates a response carrying a status and a message, with no payload.
     *
     * @param status the status code
     * @param message the message text
     * @return a new response object
     */
    public static BaseResponse createResponse(int status, String message) {
        return build(status, message, null);
    }

    /**
     * Creates a response from a predefined status/message pair, with no payload.
     *
     * @param httpStatusMsg source of the status code and message
     * @return a new response object
     */
    public static BaseResponse createResponse(HttpStatusMsg httpStatusMsg) {
        return build(httpStatusMsg.getStatus(), httpStatusMsg.getMessage(), null);
    }

    /**
     * Creates a response carrying a status, a message and a payload.
     *
     * @param status the status code
     * @param message the message text
     * @param data the payload
     * @return a new response object
     */
    public static BaseResponse createResponse(int status, String message, Object data) {
        return build(status, message, data);
    }

    /**
     * Creates a response from a predefined status/message pair, with a payload.
     *
     * @param httpStatusMsg source of the status code and message
     * @param data the payload
     * @return a new response object
     */
    public static BaseResponse createResponse(HttpStatusMsg httpStatusMsg, Object data) {
        return build(httpStatusMsg.getStatus(), httpStatusMsg.getMessage(), data);
    }

    /** Populates a fresh instance; a null payload leaves {@code data} at its default. */
    private static BaseResponse build(int status, String message, Object data) {
        BaseResponse result = new BaseResponse();
        result.setStatus(status);
        result.setMessage(message);
        if (data != null) {
            result.setData(data);
        }
        return result;
    }
}

本文转载参考 原文 并加以调试
