SpringBoot认证失败处理器+授权失败处理器+统一异常处理
认证失败处理器
这里@Component注解别忘了,因为在Security配置实现类中需要注入这个对象
@Component
public class AuthenticationEntryPointImpl implements AuthenticationEntryPoint {
@Override
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException e) throws IOException, ServletException {
//打印异常信息捕获异常类型方便,响应给前端
e.printStackTrace();
//BadCredentialsException :当用户名或者密码错误抛出此异常
//InsufficientAuthenticationException :权限不足或需要登录时抛出此异常
ResponseResult result=null;
if(e instanceof BadCredentialsException){
//这里返回的消息是异常类型的消息
result = ResponseResult.errorResult(AppHttpCodeEnum.LOGIN_ERROR.getCode(),e.getMessage());
}else if(e instanceof InsufficientAuthenticationException){
result = ResponseResult.errorResult(AppHttpCodeEnum.NEED_LOGIN);
}else{
result = ResponseResult.errorResult(AppHttpCodeEnum.SYSTEM_ERROR.getCode(),
"认证或者授权失败");
}
//响应给前端
WebUtils.renderString(response, JSON.toJSONString(result));
}
}
授权失败处理器
package com.mrs.common.handle.security;
import com.alibaba.fastjson.JSON;
import com.mrs.common.ResponseResult;
import com.mrs.common.enums.AppHttpCodeEnum;
import com.mrs.utils.WebUtils;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.stereotype.Component;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* description: AccessDeniedHandlerImpl授权失败处理器
* date: 2022/8/8 17:44
* author: MR.孙
*/
@Component
public class AccessDeniedHandlerImpl implements AccessDeniedHandler {
@Override
public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException e) throws IOException, ServletException {
//打印异常信息捕获异常类型方便,响应给前端
e.printStackTrace();
ResponseResult result = ResponseResult.errorResult(AppHttpCodeEnum.NO_OPERATOR_AUTH);
//响应给前端
WebUtils.renderString(response, JSON.toJSONString(result));
}
}
Security配置
package com.mrs.config;
import com.mrs.filter.JwtAuthenticationTokenFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
/**
* description: SecurityConfig
* date: 2022/8/7 22:11
* author: MR.孙
*/
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
//使用BCryptPasswordEncoder进行加密
@Bean
public PasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder();
}
@Autowired
private JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter;
@Autowired
AuthenticationEntryPoint authenticationEntryPoint;
@Autowired
AccessDeniedHandler accessDeniedHandler;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
//关闭csrf
.csrf().disable()
//不通过Session获取SecurityContext
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
// 对于登录接口 允许匿名访问
.antMatchers("/login").anonymous()
//jwt过滤器测试用,如果测试没有问题吧这里删除了
.antMatchers("/link/getAllLink").authenticated()
// 除上面外的所有请求全部不需要认证即可访问
.anyRequest().permitAll();
//把jwtAuthenticationTokenFilter添加到SpringSecurity的过滤器链中
http.addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
//配置异常处理器
http.exceptionHandling()
.authenticationEntryPoint(authenticationEntryPoint)
.accessDeniedHandler(accessDeniedHandler);
http.logout().disable();
//允许跨域
http.cors();
}
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
}
统一异常处理
因为上面的两个异常处理器只是针对认证和授权的,如果出现其它异常可以使用统一异常处理器
现在如果出现了异常,我们想要返回数据到前端就可以使用统一异常处理了,假如现在来判断用户名是否为空,为空则抛出自定义异常被异常处理器捕获,并返回给前端。
BlogLoginController
@PostMapping("/login")
public ResponseResult login(@RequestBody User user){
if(!StringUtils.hasText(user.getUserName())){
//提示必须要传用户名
throw new SystemException(AppHttpCodeEnum.REQUIRE_USERNAME);
}
return blogLoginService.login(user);
}
自定义异常SystemException
package com.mrs.exception;
import com.mrs.common.enums.AppHttpCodeEnum;
/**
* description: SystemException
* date: 2022/8/8 18:41
* author: MR.孙
*/
public class SystemException extends RuntimeException{
private Integer code;
private String msg;
public Integer getCode() {
return code;
}
public String getMsg() {
return msg;
}
public SystemException(AppHttpCodeEnum httpCodeEnum) {
super(httpCodeEnum.getMsg());
this.code=httpCodeEnum.getCode();
this.msg=httpCodeEnum.getMsg();
}
}
统一异常处理器GlobalExceptionHandler
出现的异常只要在其中声明即可捕获
package com.mrs.common.exception;
import com.mrs.common.ResponseResult;
import com.mrs.common.enums.AppHttpCodeEnum;
import com.mrs.exception.SystemException;
import lombok.extern.slf4j.Slf4j;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RestControllerAdvice;
/**
* description: GlobalExceptionHandler
* date: 2022/8/8 19:04
* author: MR.孙
*/
@RestControllerAdvice
@Slf4j
public class GlobalExceptionHandler {
@ExceptionHandler(SystemException.class)
public ResponseResult systemExceptionHandler(SystemException e){
//打印异常信息
log.error("出现了异常: {}",e);
//从异常对象中获取提示信息并封装返回
return ResponseResult.errorResult(e.getCode(),e.getMsg());
}
@ExceptionHandler(Exception.class)
public ResponseResult exceptionHandler(Exception e){
//打印异常信息
log.error("出现了异常: {}",e);
//从异常对象中获取提示信息并封装返回
return ResponseResult.errorResult(AppHttpCodeEnum.SYSTEM_ERROR.getCode(),e.getMessage());
}
}
浙公网安备 33010602011771号