13-security other.md
2022-08-03 00:34:00 【张 邵】
Cross-origin (CORS) handling

    // allow cross-origin requests
    http.cors();
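
`http.cors()` only switches on Spring Security's CORS support; the policy itself comes from a `CorsFilter` or `CorsConfigurationSource` bean, or from Spring MVC's CORS configuration. The following is an added example, not code from the original post, of such a bean with an explicit origin allowlist; the class name `CorsConfig` and the origin `https://admin.example.com` are constructed placeholders.

```java
import java.util.Arrays;
import java.util.Collections;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

// Added example: CorsConfig and the origin below are placeholders, not the post's code.
@Configuration
public class CorsConfig {

    // http.cors() uses a bean named "corsConfigurationSource" when no
    // CorsFilter bean named "corsFilter" is defined.
    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration config = new CorsConfiguration();

        // Explicit allowlist of front-end origins (constructed value).
        // Avoid a wildcard origin here, in particular together with credentials.
        config.setAllowedOrigins(Collections.singletonList("https://admin.example.com"));

        // Only the methods and request headers the front end actually sends.
        config.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS"));
        config.setAllowedHeaders(Arrays.asList("Authorization", "Content-Type"));

        // Allow cookies / Authorization headers on cross-origin requests.
        config.setAllowCredentials(true);

        // Let browsers cache the preflight response for one hour.
        config.setMaxAge(3600L);

        // Apply the policy to every path of the application.
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", config);
        return source;
    }
}
```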
Allowing Swagger-related pages through

    @Override
    public void configure(WebSecurity web) throws Exception {
        // web.ignoring() takes these paths out of the Spring Security filter chain entirely
        web.ignoring()
           .antMatchers(AUTH_WHITELIST); // ignore swagger ui static resources
    }

    // -- paths ignored for swagger ui
    private static final String[] AUTH_WHITELIST = {
            // -- swagger ui
            "/swagger-resources/**",
            "/swagger-ui.html",
            "/v2/api-docs",
            "/webjars/**",
            // swagger-bootstrap-ui
            "/doc.html"
    };
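Exception handling

We also want authentication or authorization failures to return JSON with the same structure as our other endpoints, so that the front end can handle all responses uniformly. To implement this we need to understand Spring Security's exception-handling mechanism.

In Spring Security, an exception thrown during authentication or authorization is caught by ExceptionTranslationFilter, which determines whether it was caused by an authentication failure or an authorization failure.

An exception raised during authentication is wrapped as an AuthenticationException, and the AuthenticationEntryPoint object's method is called to handle it.

An exception raised during authorization is wrapped as an AccessDeniedException, and the AccessDeniedHandler object's method is called to handle it.

So to customize exception handling, we only need to implement our own AuthenticationEntryPoint and AccessDeniedHandler and register them with Spring Security.

First inject the corresponding handlers:

    @Autowired
    private AuthenticationEntryPoint authenticationEntryPoint;

    @Autowired
    private AccessDeniedHandler accessDeniedHandler;

Then configure them using the HttpSecurity object's methods:

    http.exceptionHandling()
        .authenticationEntryPoint(authenticationEntryPoint)
        .accessDeniedHandler(accessDeniedHandler);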

Implementation classes

    package com.zs.admin.security.exception;

    import com.alibaba.fastjson.JSON;
    import com.zs.model.common.dtos.ResponseResult;
    import com.zs.utils.web.WebUtils;
    import org.springframework.http.HttpStatus;
    import org.springframework.security.access.AccessDeniedException;
    import org.springframework.security.web.access.AccessDeniedHandler;
    import org.springframework.stereotype.Component;

    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import java.io.IOException;

    @Component
    public class AccessDeniedHandlerImpl implements AccessDeniedHandler {
        @Override
        public void handle(HttpServletRequest request, HttpServletResponse response,
                           AccessDeniedException accessDeniedException) throws IOException, ServletException {
            ResponseResult result = new ResponseResult(HttpStatus.FORBIDDEN.value(), "权限不足");
            String json = JSON.toJSONString(result);
            WebUtils.renderString(response, json);
        }
    }

    // Alternative version of the same class. Result and StatusConst are the
    // project's own classes, which are not shown on this page.
    /**
     * User permission handling
     * @author 11921
     */
    @Component
    public class AccessDeniedHandlerImpl implements AccessDeniedHandler {
        @Override
        public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
                           AccessDeniedException e) throws IOException, ServletException {
            httpServletResponse.setContentType("application/json;charset=utf-8");
            httpServletResponse.getWriter().write(
                    JSON.toJSONString(new Result(false, StatusConst.AUTHORIZED, "没有操作权限")));
        }
    }

    package com.zs.admin.security.exception;

    import com.alibaba.fastjson.JSON;
    import com.zs.model.common.dtos.ResponseResult;
    import com.zs.utils.web.WebUtils;
    import org.springframework.http.HttpStatus;
    import org.springframework.security.core.AuthenticationException;
    import org.springframework.security.web.AuthenticationEntryPoint;
    import org.springframework.stereotype.Component;

    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import java.io.IOException;

    @Component
    public class AuthenticationEntryPointImpl implements AuthenticationEntryPoint {
        @Override
        public void commence(HttpServletRequest request, HttpServletResponse response,
                             AuthenticationException authException) throws IOException, ServletException {
            ResponseResult result = new ResponseResult(HttpStatus.UNAUTHORIZED.value(), "认证失败请重新登录");
            String json = JSON.toJSONString(result);
            WebUtils.renderString(response, json);
        }
    }

    // Alternative version of the same class. Result and StatusConst are the
    // project's own classes, which are not shown on this page.
    /**
     * Handling for users who are not logged in
     *
     * @author 11921
     */
    @Component
    public class AuthenticationEntryPointImpl implements AuthenticationEntryPoint {
        @Override
        public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
                             AuthenticationException e) throws IOException {
            httpServletResponse.setContentType("application/json;charset=utf-8");
            httpServletResponse.getWriter().write(
                    JSON.toJSONString(new Result(false, StatusConst.NOT_LOGIN, "请登录")));
        }
    }