13-security其他.md (Security: miscellaneous)
2022-08-03 00:34:00, by 张 邵
Cross-origin (CORS) handling
Enable CORS inside the security filter chain:

```java
// allow cross-origin requests
http.cors();
```

On its own, `http.cors()` only installs Spring's CorsFilter ahead of the authentication filters; the allowed origins, methods and headers come from a CorsConfigurationSource bean (or from Spring MVC's CORS registrations), and without one the call changes nothing. Putting CORS in the security chain rather than only in MVC matters because the browser's preflight OPTIONS request carries no credentials: handled here it is answered before any authentication check can reject it with a 401.
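The configuration source that `http.cors()` consumes, as an added example that is not part of the original post. It places a permissive configuration (any origin, credentials allowed) beside a restricted one so the difference is visible; the class, package and front-end origins are hypothetical.

```java
// Added example, not from the original post. Shows the CorsConfigurationSource bean that
// http.cors() looks up by name, with a permissive and a restricted configuration side by side.
// Class, package and origin names are hypothetical.
package com.example.security;

import java.util.Arrays;
import java.util.List;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

@Configuration
@EnableWebSecurity
public class CorsSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // http.cors() adds CorsFilter in front of the authentication filters, so a browser
        // preflight (OPTIONS) request is answered before any credential check can reject it.
        // Called without an argument it uses the bean named "corsConfigurationSource" below.
        http.cors()
            .and()
            .authorizeRequests().anyRequest().authenticated();
    }

    // Weak configuration, kept for contrast. Since Spring 5.3 a literal "*" origin combined
    // with allowCredentials(true) is rejected with an IllegalArgumentException; the pattern
    // form is accepted, and it makes the server echo back whatever Origin the request carries,
    // so any site on the web can call the API with the user's cookies.
    static CorsConfiguration permissive() {
        CorsConfiguration cfg = new CorsConfiguration();
        cfg.setAllowedOriginPatterns(Arrays.asList("*"));
        cfg.setAllowedMethods(Arrays.asList("*"));
        cfg.setAllowedHeaders(Arrays.asList("*"));
        cfg.setAllowCredentials(true);
        return cfg;
    }

    // Restricted configuration: explicit origins, methods and headers, and a cached preflight.
    static CorsConfiguration restricted(List<String> origins) {
        CorsConfiguration cfg = new CorsConfiguration();
        cfg.setAllowedOrigins(origins);                          // exact origins, no wildcard
        cfg.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS"));
        cfg.setAllowedHeaders(Arrays.asList("Authorization", "Content-Type"));
        cfg.setExposedHeaders(Arrays.asList("Authorization")); // lets the browser read a token header
        cfg.setAllowCredentials(true);                           // acceptable only because origins are explicit
        cfg.setMaxAge(3600L);                                    // cache the preflight result for an hour
        return cfg;
    }

    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        // Hypothetical front-end origins; read them from configuration in a real deployment.
        source.registerCorsConfiguration("/api/**",
                restricted(Arrays.asList("https://app.example.com", "https://admin.example.com")));
        return source;
    }
}
```

The bean name matters: `http.cors()` with no argument resolves a `CorsConfigurationSource` bean named `corsConfigurationSource` (or a `CorsFilter` bean), so renaming the method silently disables the configuration. Check the result with a preflight from the command line: `curl -i -X OPTIONS -H "Origin: https://evil.example" -H "Access-Control-Request-Method: GET" http://localhost:8080/api/ping` should come back without an `Access-Control-Allow-Origin` header under the restricted configuration.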
Letting the Swagger pages through
Swagger's UI and API-docs endpoints are taken out of the security filter chain entirely:

```java
@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring()
        .antMatchers(AUTH_WHITELIST); // skip the security chain for the swagger ui static resources
}

// -- paths ignored by the security chain
private static final String[] AUTH_WHITELIST = {
    // -- swagger ui
    "/swagger-resources/**",
    "/swagger-ui.html",
    "/v2/api-docs",
    "/webjars/**",
    // swagger-bootstrap-ui
    "/doc.html"
};
```

Be clear about what `web.ignoring()` does: a matching request never enters the security filter chain, so no authentication runs, no SecurityContext is populated, no CSRF protection or security headers are applied, and the exception handlers configured below never see it. That is fine for static assets, but `/v2/api-docs` describes the whole API surface, so keep the list to documentation and static files and disable or gate these paths in production.
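The same whitelist done two ways, as an added example that is not part of the original post: `web.ignoring()` for genuinely static files, and `permitAll()` for the documentation endpoints so they stay inside the chain and are only exposed outside the `prod` profile. The class, package and the `/swagger-ui/**` and `/favicon.ico` entries are hypothetical.

```java
// Added example, not from the original post. web.ignoring() removes a path from the security
// filter chain completely; permitAll() keeps it in the chain but lets anyone through. The
// profile check keeps the API docs from being served in production. Class and package names
// are hypothetical.
package com.example.security;

import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;
import org.springframework.core.env.Profiles;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;

@Configuration
@EnableWebSecurity
public class DocsSecurityConfig extends WebSecurityConfigurerAdapter {

    // Static files only: nothing here needs a SecurityContext or CSRF protection.
    private static final String[] STATIC_ASSETS = {
        "/webjars/**", "/swagger-ui/**", "/favicon.ico"
    };

    // Documentation endpoints: the API description itself, kept inside the chain.
    private static final String[] API_DOCS = {
        "/swagger-resources/**", "/swagger-ui.html", "/v2/api-docs", "/doc.html"
    };

    private final Environment env;

    public DocsSecurityConfig(Environment env) {
        this.env = env;
    }

    @Override
    public void configure(WebSecurity web) {
        // Ignored paths bypass every filter: no authentication, no security headers,
        // and none of the exception handlers. Reserve this for static assets.
        web.ignoring().antMatchers(STATIC_ASSETS);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Expose the docs in every profile except prod.
        boolean docsEnabled = !env.acceptsProfiles(Profiles.of("prod"));

        http.csrf().disable()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .authorizeRequests(auth -> {
                if (docsEnabled) {
                    // permitAll keeps the request in the chain: security headers are still
                    // added and a valid token still populates the SecurityContext.
                    auth.antMatchers(API_DOCS).permitAll();
                }
                // In prod the doc paths fall through to this rule and require a login.
                auth.anyRequest().authenticated();
            });
    }
}
```

With this split a request for `/v2/api-docs` in the `prod` profile produces the JSON 401 from the entry point configured later on this page, whereas a path listed under `web.ignoring()` would have been served with no check at all.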
Exception handling
We also want authentication and authorization failures to return JSON with the same structure as our ordinary endpoints, so the frontend can handle every response uniformly. To do that we need to understand how Spring Security handles exceptions.
In Spring Security, an exception raised during authentication or authorization is caught by ExceptionTranslationFilter, which decides whether the failure belongs to authentication or to authorization:
An authentication failure is raised as an AuthenticationException and handed to the configured AuthenticationEntryPoint, whose commence() method writes the response.
An authorization failure is raised as an AccessDeniedException and handed to the configured AccessDeniedHandler, whose handle() method writes the response. One subtlety: if the current user is anonymous (or authenticated only through remember-me), ExceptionTranslationFilter treats an AccessDeniedException as a missing login and calls the AuthenticationEntryPoint instead. An unauthenticated request for a protected URL therefore gets the entry point's 401 response, not the handler's 403.
So to customize the responses we only need to implement AuthenticationEntryPoint and AccessDeniedHandler and register them with Spring Security. Two caveats apply. ExceptionTranslationFilter only sees exceptions thrown by filters that run after it, so a custom JWT filter registered with addFilterBefore(..., UsernamePasswordAuthenticationFilter.class) sits in front of it; if that filter throws, the result is a 500, so it must write the response itself (or call the entry point) and stop the chain. And an AccessDeniedException raised by @PreAuthorize on a controller method passes through Spring MVC first, so a @ControllerAdvice that catches Exception will swallow it before the handler runs.
First inject the two handlers:

```java
@Autowired
private AuthenticationEntryPoint authenticationEntryPoint;
@Autowired
private AccessDeniedHandler accessDeniedHandler;
```

Then register them through the HttpSecurity object:

```java
http.exceptionHandling()
    .authenticationEntryPoint(authenticationEntryPoint)
    .accessDeniedHandler(accessDeniedHandler);
```
Implementations

```java
package com.zs.admin.security.exception;

import com.alibaba.fastjson.JSON;
import com.zs.model.common.dtos.ResponseResult;
import com.zs.utils.web.WebUtils;
import org.springframework.http.HttpStatus;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.stereotype.Component;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/** Called for an authenticated user who lacks the required authority. */
@Component
public class AccessDeniedHandlerImpl implements AccessDeniedHandler {
    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response,
                       AccessDeniedException accessDeniedException) throws IOException, ServletException {
        // Same body shape as a normal API response: status code plus message
        ResponseResult result = new ResponseResult(HttpStatus.FORBIDDEN.value(), "insufficient permissions");
        String json = JSON.toJSONString(result);
        // project helper that writes the string to the response body
        WebUtils.renderString(response, json);
    }
}
```
An alternative version from another project that writes the body directly, without the WebUtils helper (Result and StatusConst are that project's own classes and are not shown here; note that it leaves the HTTP status at 200 and signals the error only inside the body):

```java
import com.alibaba.fastjson.JSON;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.stereotype.Component;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * Handles users who are logged in but lack permission.
 * @author 11921
 */
@Component
public class AccessDeniedHandlerImpl implements AccessDeniedHandler {
    @Override
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
                       AccessDeniedException e) throws IOException, ServletException {
        // content type must be set before the body is written
        httpServletResponse.setContentType("application/json;charset=utf-8");
        httpServletResponse.getWriter().write(
                JSON.toJSONString(new Result(false, StatusConst.AUTHORIZED, "no permission for this operation")));
    }
}
```
```java
package com.zs.admin.security.exception;

import com.alibaba.fastjson.JSON;
import com.zs.model.common.dtos.ResponseResult;
import com.zs.utils.web.WebUtils;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.stereotype.Component;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/** Called when a request needs authentication and none (or an invalid one) was supplied. */
@Component
public class AuthenticationEntryPointImpl implements AuthenticationEntryPoint {
    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response,
                         AuthenticationException authException) throws IOException, ServletException {
        // Same body shape as a normal API response: status code plus message
        ResponseResult result = new ResponseResult(HttpStatus.UNAUTHORIZED.value(), "authentication failed, please log in again");
        String json = JSON.toJSONString(result);
        // project helper that writes the string to the response body
        WebUtils.renderString(response, json);
    }
}
```
The matching alternative entry point from the same other project (again leaving the HTTP status at 200):

```java
import com.alibaba.fastjson.JSON;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.stereotype.Component;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * Handles users who are not logged in.
 *
 * @author 11921
 */
@Component
public class AuthenticationEntryPointImpl implements AuthenticationEntryPoint {
    @Override
    public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
                         AuthenticationException e) throws IOException {
        // content type must be set before the body is written
        httpServletResponse.setContentType("application/json;charset=utf-8");
        httpServletResponse.getWriter().write(
                JSON.toJSONString(new Result(false, StatusConst.NOT_LOGIN, "please log in")));
    }
}
```
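A hardened variant of the two handlers together with the token filter they have to cooperate with, as an added example that is not the project's code. Both handlers set the HTTP status to match the body, and the filter delegates its own failures to the entry point instead of throwing, because a filter placed before UsernamePasswordAuthenticationFilter runs ahead of ExceptionTranslationFilter and anything it throws surfaces as a 500. It uses Jackson rather than fastjson; ApiError, TokenVerifier, JsonResponses and the package name are hypothetical stand-ins for the project's own classes.

```java
// Added example, not from the original post. Hardened entry point and access-denied handler
// plus a token filter that hands failures to the entry point rather than throwing.
// ApiError, TokenVerifier, JsonResponses and the package are hypothetical; kept in one file
// for the example, so only the filter is public. Split into one class per file in a project.
package com.example.security.exception;

import java.io.IOException;
import java.nio.charset.StandardCharsets;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

/** Uniform error body, the same shape the API uses for ordinary responses (hypothetical). */
class ApiError {
    public final int code;
    public final String msg;
    ApiError(int code, String msg) { this.code = code; this.msg = msg; }
}

/** Writes the JSON body and sets the matching HTTP status, so proxies and clients see the real outcome. */
final class JsonResponses {
    private static final ObjectMapper MAPPER = new ObjectMapper();

    static void write(HttpServletResponse response, HttpStatus status, String msg) throws IOException {
        response.setStatus(status.value());
        response.setContentType(MediaType.APPLICATION_JSON_VALUE);
        response.setCharacterEncoding(StandardCharsets.UTF_8.name());
        // Fixed messages only: the exception's own text can reveal which check failed.
        MAPPER.writeValue(response.getWriter(), new ApiError(status.value(), msg));
    }
}

/** Missing or invalid credentials: 401 with a JSON body. */
@Component
class JsonAuthenticationEntryPoint implements AuthenticationEntryPoint {
    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response,
                         AuthenticationException authException) throws IOException {
        JsonResponses.write(response, HttpStatus.UNAUTHORIZED, "authentication failed, please log in again");
    }
}

/** Logged in but not allowed: 403 with a JSON body. */
@Component
class JsonAccessDeniedHandler implements AccessDeniedHandler {
    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response,
                       AccessDeniedException accessDeniedException) throws IOException {
        JsonResponses.write(response, HttpStatus.FORBIDDEN, "insufficient permissions");
    }
}

/** Hypothetical token check; the project's JWT parsing would sit behind this interface. */
interface TokenVerifier {
    /** Returns an authenticated Authentication for a valid token, or throws AuthenticationException. */
    Authentication verify(String token) throws AuthenticationException;
}

/**
 * Registered with http.addFilterBefore(filter, UsernamePasswordAuthenticationFilter.class).
 * Deliberately not a @Component: Spring Boot would otherwise also register it as a plain
 * servlet filter, outside the security chain, and run it twice.
 */
public class TokenAuthenticationFilter extends OncePerRequestFilter {
    private final TokenVerifier tokens;
    private final AuthenticationEntryPoint entryPoint;

    public TokenAuthenticationFilter(TokenVerifier tokens, AuthenticationEntryPoint entryPoint) {
        this.tokens = tokens;
        this.entryPoint = entryPoint;
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        String header = request.getHeader("Authorization");
        if (header == null || !header.startsWith("Bearer ")) {
            // No token: stay anonymous and let the authorization rules decide. A protected URL
            // then reaches ExceptionTranslationFilter, which calls the entry point (401).
            chain.doFilter(request, response);
            return;
        }
        try {
            Authentication auth = tokens.verify(header.substring("Bearer ".length()));
            SecurityContextHolder.getContext().setAuthentication(auth);
        } catch (AuthenticationException ex) {
            // Thrown from here the exception would bypass ExceptionTranslationFilter and become
            // a 500; delegate to the entry point instead and stop the chain.
            SecurityContextHolder.clearContext();
            entryPoint.commence(request, response, new BadCredentialsException("invalid token", ex));
            return;
        }
        chain.doFilter(request, response);
    }
}
```

Three requests exercise the three paths: no Authorization header on a protected URL gives the entry point's 401, a garbage bearer token gives the same 401 from inside the filter, and a valid token for a user without the required authority gives the handler's 403. If the third case also comes back as 401, the verifier is returning an Authentication that Spring still considers anonymous, and ExceptionTranslationFilter is routing the AccessDeniedException to the entry point as described above.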