master
parent
f9b21e481d
commit
5082df5be4
|
|
@ -2,6 +2,7 @@ package com.boot.security.server.advice;
|
|||
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.http.converter.HttpMessageNotReadableException;
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.web.bind.MissingServletRequestParameterException;
|
||||
import org.springframework.web.bind.UnsatisfiedServletRequestParameterException;
|
||||
import org.springframework.web.bind.annotation.ExceptionHandler;
|
||||
|
|
@ -29,6 +30,12 @@ public class ExceptionHandlerAdvice {
|
|||
return ResponseInfo.builder().code(HttpStatus.BAD_REQUEST.value() + "").message(exception.getMessage()).build();
|
||||
}
|
||||
|
||||
@ExceptionHandler({ AccessDeniedException.class })
|
||||
@ResponseStatus(HttpStatus.FORBIDDEN)
|
||||
public ResponseInfo badRequestException(AccessDeniedException exception) {
|
||||
return ResponseInfo.builder().code(HttpStatus.FORBIDDEN.value() + "").message(exception.getMessage()).build();
|
||||
}
|
||||
|
||||
@ExceptionHandler({ MissingServletRequestParameterException.class, HttpMessageNotReadableException.class,
|
||||
UnsatisfiedServletRequestParameterException.class, MethodArgumentTypeMismatchException.class })
|
||||
@ResponseStatus(HttpStatus.BAD_REQUEST)
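Review bot: The new 403 handler sends `exception.getMessage()` straight back to the caller, so any `AccessDeniedException` that application code throws with detail in its message (a resource id, a required role) is disclosed to the client that was just refused. A fixed, generic message in `.message(...)` avoids that, with the original exception written to the server log so denials stay visible to operators. The method is also named `badRequestException` although it answers with `HttpStatus.FORBIDDEN`; `public ResponseInfo accessDeniedException(AccessDeniedException exception)` would say what it handles. Because this advice catches the exception inside the MVC layer, denials raised from handler methods presumably no longer reach Spring Security's own access-denied handling, which is worth confirming is intended. The rest of `ExceptionHandlerAdvice` is outside the hunk.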
|
||||
|
|
|
|||
|
|
@ -10,6 +10,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
|
|||
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
|
||||
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
|
||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
||||
|
|
@ -35,6 +36,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
@Autowired
|
||||
private LogoutSuccessHandler logoutSuccessHandler;
|
||||
@Autowired
|
||||
private AuthenticationEntryPoint authenticationEntryPoint;
|
||||
@Autowired
|
||||
private UserDetailsService userDetailsService;
|
||||
@Autowired
|
||||
private TokenFilter tokenFilter;
|
||||
|
|
@ -56,7 +59,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
"/img/**", "/v2/api-docs/**", "/swagger-resources/**", "/webjars/**", "/pages/**")
|
||||
.permitAll().anyRequest().authenticated();
|
||||
http.formLogin().loginPage("/login.html").loginProcessingUrl("/login")
|
||||
.successHandler(authenticationSuccessHandler).failureHandler(authenticationFailureHandler);
|
||||
.successHandler(authenticationSuccessHandler).failureHandler(authenticationFailureHandler).and()
|
||||
.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);
|
||||
http.logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler);
|
||||
// 解决不允许显示在iframe的问题
|
||||
http.headers().frameOptions().disable();
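Review bot: Setting `.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint)` explicitly replaces the entry point that `formLogin().loginPage("/login.html")` would otherwise register, so unauthenticated requests outside the `permitAll()` list now get whatever the injected bean writes instead of a redirect to the login page. That looks intended for an API consumed by scripts, but it deserves a one-line comment here and a check that every page's request code handles a 401. Chaining it through `.and()` on the form-login statement also hides it; a separate statement, `http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);`, would match the `http.logout()` line that follows. The enclosing configure method starts and ends outside the hunk.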
|
||||
|
|
|
|||
|
|
@ -13,6 +13,7 @@ import org.springframework.http.HttpStatus;
|
|||
import org.springframework.security.authentication.BadCredentialsException;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
|
||||
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
|
||||
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
|
||||
|
|
@ -83,6 +84,25 @@ public class SecurityHandlerConfig {
|
|||
|
||||
}
|
||||
|
||||
/**
|
||||
* 未登录,返回401
|
||||
*
|
||||
* @return
|
||||
*/
|
||||
@Bean
|
||||
public AuthenticationEntryPoint authenticationEntryPoint() {
|
||||
return new AuthenticationEntryPoint() {
|
||||
|
||||
@Override
|
||||
public void commence(HttpServletRequest request, HttpServletResponse response,
|
||||
AuthenticationException authException) throws IOException, ServletException {
|
||||
ResponseInfo info = ResponseInfo.builder().code(HttpStatus.UNAUTHORIZED.value() + "").message("请先登录")
|
||||
.build();
|
||||
ResponseUtil.responseJson(response, HttpStatus.UNAUTHORIZED.value(), info);
|
||||
}
|
||||
};
|
||||
}
|
||||
|
||||
/**
|
||||
* 退出处理
|
||||
*
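Review bot: `commence()` drops `authException` and the request without recording either, so rejected unauthenticated requests leave no application-level trace for anyone looking for probing of protected URLs. A log line naming `request.getRequestURI()` and the exception class would close that gap, provided no credentials or tokens are written to it. Returning a fixed message rather than `authException.getMessage()` is the right choice and should be kept. The Javadoc has an empty `@return` tag; either describe the bean (an entry point that answers unauthenticated requests with a 401 JSON body) or remove the tag.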
|
||||
|
|
|
|||
|
|
@ -1,10 +0,0 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<title>Insert title here</title>
|
||||
</head>
|
||||
<body>
|
||||
未授权
|
||||
</body>
|
||||
</html>
|
||||
|
|
@ -72,7 +72,12 @@
|
|||
<script type="text/javascript" src="../../js/plugin/datatables/jquery.dataTables.min.js"></script>
|
||||
<script type="text/javascript" src="../../js/plugin/datatables/dataTables.bootstrap.min.js"></script>
|
||||
<script type="text/javascript" src="../../js/my/permission.js"></script>
|
||||
<script type="text/javascript" src="../../layui/layui.js"></script>
|
||||
<script type="text/javascript">
|
||||
layui.use([ 'layer' ], function() {
|
||||
var layer = layui.layer;
|
||||
});
|
||||
|
||||
var pers = checkPermission();
|
||||
|
||||
var example;
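Review bot: `var layer = layui.layer;` declares a variable local to the `layui.use` callback and nothing in that callback reads it, so as written the assignment has no effect beyond the module load itself. If later code in this script relies on a global `layer` being present (presumably set by the layer module once loaded), a short comment saying so would explain why the block exists; otherwise the local can be dropped. Code that runs before the callback fires cannot assume the module is ready. The script block continues outside the hunk.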
|
||||
|
|
|
|||