Spring Security Oauth2 自定义 OAuth2 Exception

程序员知识圈

 关注

阅读 52

2021-09-24

AuthenticationEntryPoint 用来解决匿名用户访问无权限资源时的异常

AccessDeineHandler 用来解决认证过的用户访问无权限资源时的异常

配置类:在资源服务器中配置

@Configuration
@EnableResourceServer // 开启资源服务器
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Order(6)
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

    @Autowired
    private RedisConnectionFactory redisConnectionFactory;

    @Bean
    public TokenStore tokenStore() {
        // 基于 JDBC 实现,令牌保存到数据库
        //return new JdbcTokenStore(dataSource);
        // 基于redis 实现, 令牌保存到redis
        return new RedisTokenStore(redisConnectionFactory);
    }

    @Bean
    MyAuthenticationEntryPoint myAuthenticationEntryPoint() {
        return new MyAuthenticationEntryPoint();
    }

    @Bean
    MyAccessDeniedHandler myAccessDeniedHandler() {
        return new MyAccessDeniedHandler();
    }

    @Override
    public void configure(HttpSecurity http) {
        // 省略
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resource) {
        //这里把自定义异常加进去
        resource.tokenStore(tokenStore).authenticationEntryPoint(myAuthenticationEntryPoint())
                .accessDeniedHandler(myAccessDeniedHandler());
    }
}

之后,自定义AuthenticationEntryPoint的实现类:

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;

import com.alibaba.fastjson.JSONObject;
import com.panku.common.domain.RestMsg;

public class CustomAuthenticationEntryPoint implements AuthenticationEntryPoint {

    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException authException) throws IOException, ServletException {
        response.setCharacterEncoding("utf-8");
        response.setContentType("text/javascript;charset=utf-8");
        response.getWriter().print(JSONObject.toJSONString(RestMsg.error("没有访问权限!")));
    }
}

自定义,AccessDeineHandler:

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;

import com.alibaba.fastjson.JSONObject;
import com.panku.common.domain.RestMsg;

public class CustomAccessDeineHandler implements AccessDeniedHandler {

    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response,
            AccessDeniedException accessDeniedException) throws IOException, ServletException {
        response.setCharacterEncoding("utf-8");
        response.setContentType("text/javascript;charset=utf-8");
        response.getWriter().print(JSONObject.toJSONString(RestMsg.error("没有访问权限!")));
    }

}

相关推荐

OAuth2 & Spring Security OAuth2 总结

梦为马 111 0 0

spring security oauth2

萨摩斯加士奇 135 0 0

Spring Security Oauth2

小龟老师 100 0 0

Spring Security oAuth2

西曲风 63 0 0

spring security oauth2 自定义实现令牌存储

yongxinz 61 0 0

Spring Cloud Security OAuth2

树下的老石头 74 0 0

Spring Security OAuth2 SSO

若如初梘 138 0 0

spring boot security oauth2 jwt

钎探穗 40 0 0

spring security oauth2 jwt 示例

boomwu 71 0 0

一文带你了解 OAuth2 协议与 Spring Security OAuth2 集成!

90哦吼 39 0 0

精彩评论(0)

0 0 举报