Spring Security OAuth2: Exception Handling on the Resource Server

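The two exception-handling interfaces

AuthenticationEntryPoint: handles the exception raised when an anonymous user accesses a resource they have no permission for, that is, the token-related exceptions.
AccessDeniedHandler: handles the exception raised when an authenticated user accesses a resource they have no permission for; this is mainly about access control.

Custom AuthenticationEntryPoint exception handler class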

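// Assumed imports: javax.servlet and commons-lang3; HttpUtils, BaseResponse, HttpStatusMsg are project classes.
import org.apache.commons.lang3.StringUtils;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.stereotype.Component;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * @Description: Handles the exception raised when an anonymous user accesses a resource without permission
 * @Package: cn.appblog.security.oauth2.handler.UserAuthenticationEntryPoint
 * @Version: 1.0
 */
@Component
public class UserAuthenticationEntryPoint implements AuthenticationEntryPoint {
    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException e) throws IOException, ServletException {
        // e.toString() adds the exception class name and message to the JSON body returned to the client
        HttpUtils.writeError(BaseResponse.createResponse(HttpStatusMsg.AUTHENTICATION_EXCEPTION.getStatus(), StringUtils.join(HttpStatusMsg.AUTHENTICATION_EXCEPTION.getMessage(), ",", e.toString())), response);
    }
}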

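Custom AccessDeniedHandler implementation class

// Assumed imports: javax.servlet and commons-lang3; HttpUtils, BaseResponse, HttpStatusMsg are project classes.
import org.apache.commons.lang3.StringUtils;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.stereotype.Component;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * @Description: Handles the exception raised when an authenticated user accesses a resource without permission
 * @Package: cn.appblog.security.oauth2.handler.UserAccessDeniedHandler
 * @Version: 1.0
 */
@Component
public class UserAccessDeniedHandler implements AccessDeniedHandler {

    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException e) throws IOException, ServletException {
        // e.toString() adds the exception class name and message to the JSON body returned to the client
        HttpUtils.writeError(BaseResponse.createResponse(HttpStatusMsg.ACCESS_DENIDED_EXCEPTION.getStatus(),
                StringUtils.join(HttpStatusMsg.ACCESS_DENIDED_EXCEPTION.getMessage(), ",", e.toString())), response);
    }
}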

Related utility methods

// Assumed imports: Jackson and javax.servlet.
import com.fasterxml.jackson.databind.ObjectMapper;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

public class HttpUtils {
    /**
     * Writes an error response as JSON
     */
    public static void writeError(BaseResponse bs, HttpServletResponse response) throws IOException {
        // Media type parameters are separated by ';'
        response.setContentType("application/json;charset=utf-8");
        response.setStatus(bs.getStatus());
        ObjectMapper objectMapper = new ObjectMapper();
        objectMapper.writeValue(response.getOutputStream(), bs);
    }

    /**
     * Writes a success response as JSON
     */
    public static void writeSuccess(BaseResponse bs, HttpServletResponse response) throws IOException {
        response.setContentType("application/json;charset=utf-8");
        response.setStatus(bs.getStatus());
        ObjectMapper objectMapper = new ObjectMapper();
        objectMapper.writeValue(response.getOutputStream(), bs);
    }
}
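
// Assumed imports: Jackson annotations and Lombok.
import com.fasterxml.jackson.annotation.JsonInclude;
import lombok.Data;
import java.io.Serializable;

@Data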
public class BaseResponse implements Serializable {
    private int status;
    private String message;
    @JsonInclude(JsonInclude.Include.NON_NULL)
    private Object data;

    /**
     * Creates a response object from a status code and a message
     */
    public static BaseResponse createResponse(int status, String message) {
        BaseResponse baseResponse = new BaseResponse();
        baseResponse.setStatus(status);
        baseResponse.setMessage(message);
        return baseResponse;
    }

    /**
     * Creates a response object from an HttpStatusMsg constant
     */
    public static BaseResponse createResponse(HttpStatusMsg httpStatusMsg) {
        BaseResponse baseResponse = new BaseResponse();
        baseResponse.setStatus(httpStatusMsg.getStatus());
        baseResponse.setMessage(httpStatusMsg.getMessage());
        return baseResponse;
    }

    /**
     * Creates a response object from a status code, a message and a data payload
     */
    public static BaseResponse createResponse(int status, String message, Object data) {
        BaseResponse baseResponse = new BaseResponse();
        baseResponse.setStatus(status);
        baseResponse.setMessage(message);
        baseResponse.setData(data);
        return baseResponse;
    }

    /**
     * Creates a response object from an HttpStatusMsg constant and a data payload
     */
    public static BaseResponse createResponse(HttpStatusMsg httpStatusMsg, Object data) {
        BaseResponse baseResponse = new BaseResponse();
        baseResponse.setStatus(httpStatusMsg.getStatus());
        baseResponse.setMessage(httpStatusMsg.getMessage());
        baseResponse.setData(data);
        return baseResponse;
    }
}
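
A variant of the two handlers above that keeps the exception detail in the server log instead of the response body, and sends the Bearer challenge header with the 401. This is an added example, not code from the original post; the class name QuietSecurityErrorHandler and the errorId field are hypothetical, and javax.servlet, SLF4J and spring-web on the classpath are assumed.

```java
import com.fasterxml.jackson.databind.ObjectMapper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.AccessDeniedHandler;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.UUID;

// Hypothetical class: one object serving as both entry point (401) and denied handler (403).
public class QuietSecurityErrorHandler implements AuthenticationEntryPoint, AccessDeniedHandler {
    private static final Logger log = LoggerFactory.getLogger(QuietSecurityErrorHandler.class);
    private static final ObjectMapper MAPPER = new ObjectMapper(); // thread-safe once configured

    @Override // anonymous caller, or missing/invalid token
    public void commence(HttpServletRequest req, HttpServletResponse res, AuthenticationException e) throws IOException {
        // RFC 6750: a 401 from a bearer-token resource server carries a WWW-Authenticate challenge
        res.setHeader(HttpHeaders.WWW_AUTHENTICATE, "Bearer");
        write(req, res, HttpServletResponse.SC_UNAUTHORIZED, "Authentication required", e);
    }

    @Override // authenticated caller lacking the required authority
    public void handle(HttpServletRequest req, HttpServletResponse res, AccessDeniedException e) throws IOException {
        write(req, res, HttpServletResponse.SC_FORBIDDEN, "Access denied", e);
    }

    private void write(HttpServletRequest req, HttpServletResponse res, int status, String message, Exception e) throws IOException {
        String errorId = UUID.randomUUID().toString();
        // Exception class, message and stack trace stay in the server log, keyed by errorId
        log.warn("security error id={} status={} uri={}", errorId, status, req.getRequestURI(), e);
        Map<String, Object> body = new LinkedHashMap<>();
        body.put("status", status);
        body.put("message", message);   // fixed text, nothing derived from the exception
        body.put("errorId", errorId);   // lets support correlate a client report with the log entry
        res.setStatus(status);
        res.setContentType(MediaType.APPLICATION_JSON_VALUE);
        res.setCharacterEncoding(StandardCharsets.UTF_8.name());
        res.setHeader(HttpHeaders.CACHE_CONTROL, "no-store");
        MAPPER.writeValue(res.getOutputStream(), body);
    }
}
```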

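This article is reposted with reference to the original post, with some debugging added.

Copyright notice:
Author: Joe.Ye
Link: https://www.appblog.cn/index.php/2023/03/20/spring-security-oauth2-authentication-resource-server-exception-handling/
Source: APP全栈技术分享
Copyright of this article belongs to the author; do not repost without permission.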
