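Spring Security OAuth2 Authentication Resource Server Exception Handling
The two exception-handling interfaces
AuthenticationEntryPoint: handles the exception raised when an anonymous user accesses a resource without permission, that is, token-related resource exceptions
AccessDeniedHandler: handles the exception raised when an authenticated user accesses a resource without permission; mainly related to access control
Custom AuthenticationEntryPoint exception handler class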
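// Imports assume javax.servlet (Spring Boot 2.x) and the commons-lang3 StringUtils
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.stereotype.Component;

/**
 * @Description: Handles the exception raised when an anonymous user accesses a resource without permission
 * @Package: cn.appblog.security.oauth2.handler.UserAuthenticationEntryPoint
 * @Version: 1.0
 */
@Component
public class UserAuthenticationEntryPoint implements AuthenticationEntryPoint {
    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException e) throws IOException, ServletException {
        // The message includes e.toString(), so the exception class and detail are returned to the client
        HttpUtils.writeError(BaseResponse.createResponse(HttpStatusMsg.AUTHENTICATION_EXCEPTION.getStatus(), StringUtils.join(HttpStatusMsg.AUTHENTICATION_EXCEPTION.getMessage(), ",", e.toString())), response);
    }
}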
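Custom AccessDeniedHandler implementation class
// Imports assume javax.servlet (Spring Boot 2.x) and the commons-lang3 StringUtils
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.stereotype.Component;

/**
 * @Description: Handles the exception raised when an authenticated user accesses a resource without permission
 * @Package: cn.appblog.security.oauth2.handler.UserAccessDeniedHandler
 * @Version: 1.0
 */
@Component
public class UserAccessDeniedHandler implements AccessDeniedHandler {
    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException e) throws IOException, ServletException {
        // The message includes e.toString(), so the exception class and detail are returned to the client
        HttpUtils.writeError(BaseResponse.createResponse(HttpStatusMsg.ACCESS_DENIDED_EXCEPTION.getStatus(),
                StringUtils.join(HttpStatusMsg.ACCESS_DENIDED_EXCEPTION.getMessage(), ",", e.toString())), response);
    }
}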
Related utility methods
import java.io.IOException;
import javax.servlet.http.HttpServletResponse;
import com.fasterxml.jackson.databind.ObjectMapper;

public class HttpUtils {
    /**
     * Writes an error response as JSON
     */
    public static void writeError(BaseResponse bs, HttpServletResponse response) throws IOException {
        // The charset parameter is separated from the media type by ';', not ','
        response.setContentType("application/json;charset=utf-8");
        response.setStatus(bs.getStatus());
        ObjectMapper objectMapper = new ObjectMapper();
        objectMapper.writeValue(response.getOutputStream(), bs);
    }

    /**
     * Writes a success response as JSON
     */
    public static void writeSuccess(BaseResponse bs, HttpServletResponse response) throws IOException {
        response.setContentType("application/json;charset=utf-8");
        response.setStatus(bs.getStatus());
        ObjectMapper objectMapper = new ObjectMapper();
        objectMapper.writeValue(response.getOutputStream(), bs);
    }
}

import java.io.Serializable;
import com.fasterxml.jackson.annotation.JsonInclude;
import lombok.Data;

@Data
public class BaseResponse implements Serializable {
    // Used both as the HTTP status code (see HttpUtils) and as the status field in the JSON body
    private int status;
    private String message;
    // Omitted from the JSON output when null
    @JsonInclude(JsonInclude.Include.NON_NULL)
    private Object data;

    /**
     * Creates a response object
     */
    public static BaseResponse createResponse(int status, String message) {
        BaseResponse baseResponse = new BaseResponse();
        baseResponse.setStatus(status);
        baseResponse.setMessage(message);
        return baseResponse;
    }

    /**
     * Creates a response object
     */
    public static BaseResponse createResponse(HttpStatusMsg httpStatusMsg) {
        BaseResponse baseResponse = new BaseResponse();
        baseResponse.setStatus(httpStatusMsg.getStatus());
        baseResponse.setMessage(httpStatusMsg.getMessage());
        return baseResponse;
    }

    /**
     * Creates a response object
     */
    public static BaseResponse createResponse(int status, String message, Object data) {
        BaseResponse baseResponse = new BaseResponse();
        baseResponse.setStatus(status);
        baseResponse.setMessage(message);
        baseResponse.setData(data);
        return baseResponse;
    }

    /**
     * Creates a response object
     */
    public static BaseResponse createResponse(HttpStatusMsg httpStatusMsg, Object data) {
        BaseResponse baseResponse = new BaseResponse();
        baseResponse.setStatus(httpStatusMsg.getStatus());
        baseResponse.setMessage(httpStatusMsg.getMessage());
        baseResponse.setData(data);
        return baseResponse;
    }
}
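The two handlers above only take effect once they are registered with the resource server. The following configuration is an added example, not part of the original post. It assumes the legacy spring-security-oauth2 module with @EnableResourceServer; the class name ResourceServerConfig, the /admin/** path and the ADMIN role are hypothetical.

```java
import cn.appblog.security.oauth2.handler.UserAccessDeniedHandler;
import cn.appblog.security.oauth2.handler.UserAuthenticationEntryPoint;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

// Hypothetical configuration class; assumes the legacy spring-security-oauth2 module
@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    private final UserAuthenticationEntryPoint authenticationEntryPoint;
    private final UserAccessDeniedHandler accessDeniedHandler;

    // Both handlers are @Component beans, so Spring injects them here
    public ResourceServerConfig(UserAuthenticationEntryPoint authenticationEntryPoint,
                                UserAccessDeniedHandler accessDeniedHandler) {
        this.authenticationEntryPoint = authenticationEntryPoint;
        this.accessDeniedHandler = accessDeniedHandler;
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources
                // Missing, expired or invalid token: UserAuthenticationEntryPoint writes the JSON error
                .authenticationEntryPoint(authenticationEntryPoint)
                // Valid token but insufficient authority: UserAccessDeniedHandler writes the JSON error
                .accessDeniedHandler(accessDeniedHandler);
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // Hypothetical rule: an authenticated user without ROLE_ADMIN reaches the AccessDeniedHandler
                .antMatchers("/admin/**").hasRole("ADMIN")
                // Any request without a valid token reaches the AuthenticationEntryPoint
                .anyRequest().authenticated();
    }
}
```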
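This article was reposted with reference to the original post and debugged.
Copyright notice:
Author: Joe.Ye
Link: https://www.appblog.cn/index.php/2023/03/20/spring-security-oauth2-authentication-resource-server-exception-handling/
Source: APP全栈技术分享
Copyright of this article belongs to the author. Do not repost without permission.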