diff --git a/src/main/java/com/boot/security/server/advice/ExceptionHandlerAdvice.java b/src/main/java/com/boot/security/server/advice/ExceptionHandlerAdvice.java
index 8810472..ea104a6 100644
--- a/src/main/java/com/boot/security/server/advice/ExceptionHandlerAdvice.java
+++ b/src/main/java/com/boot/security/server/advice/ExceptionHandlerAdvice.java
@@ -2,6 +2,7 @@ package com.boot.security.server.advice;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.converter.HttpMessageNotReadableException;
+import org.springframework.security.access.AccessDeniedException;
 import org.springframework.web.bind.MissingServletRequestParameterException;
 import org.springframework.web.bind.UnsatisfiedServletRequestParameterException;
 import org.springframework.web.bind.annotation.ExceptionHandler;
@@ -29,6 +30,12 @@ public class ExceptionHandlerAdvice {
 return ResponseInfo.builder().code(HttpStatus.BAD_REQUEST.value() + "").message(exception.getMessage()).build();
 }
+ @ExceptionHandler({ AccessDeniedException.class })
+ @ResponseStatus(HttpStatus.FORBIDDEN)
+ public ResponseInfo badRequestException(AccessDeniedException exception) {
+ return ResponseInfo.builder().code(HttpStatus.FORBIDDEN.value() + "").message(exception.getMessage()).build();
+ }
+
 @ExceptionHandler({ MissingServletRequestParameterException.class, HttpMessageNotReadableException.class, UnsatisfiedServletRequestParameterException.class, MethodArgumentTypeMismatchException.class })
 @ResponseStatus(HttpStatus.BAD_REQUEST)
diff --git a/src/main/java/com/boot/security/server/config/SecurityConfig.java b/src/main/java/com/boot/security/server/config/SecurityConfig.java
index 48f3684..26ced15 100644
--- a/src/main/java/com/boot/security/server/config/SecurityConfig.java
+++ b/src/main/java/com/boot/security/server/config/SecurityConfig.java
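Review bot: The new 403 handler in ExceptionHandlerAdvice (hunk at -29,6 +30,12) is named `badRequestException`, the name a 400 handler would carry; renaming it, e.g. `public ResponseInfo accessDeniedException(AccessDeniedException exception) {`, keeps stack traces and logs readable. Because the advice resolves the exception inside the dispatcher, Spring Security's ExceptionTranslationFilter presumably never sees denials raised during controller invocation, so an anonymous caller on a permitAll path that hits a secured method would get this 403 rather than the 401 entry point added in the same commit; worth confirming that is intended. The denial is also not logged here, so repeated 403s leave no server-side trace unless something outside the hunk records them.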
@@ -10,6 +10,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@@ -35,6 +36,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 @Autowired
 private LogoutSuccessHandler logoutSuccessHandler;
 @Autowired
+ private AuthenticationEntryPoint authenticationEntryPoint;
+ @Autowired
 private UserDetailsService userDetailsService;
 @Autowired
 private TokenFilter tokenFilter;
@@ -56,7 +59,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 "/img/**", "/v2/api-docs/**", "/swagger-resources/**", "/webjars/**", "/pages/**")
 .permitAll().anyRequest().authenticated();
 http.formLogin().loginPage("/login.html").loginProcessingUrl("/login")
- .successHandler(authenticationSuccessHandler).failureHandler(authenticationFailureHandler);
+ .successHandler(authenticationSuccessHandler).failureHandler(authenticationFailureHandler).and()
+ .exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);
 http.logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler);
 // 解决不允许显示在iframe的问题
 http.headers().frameOptions().disable();
diff --git a/src/main/java/com/boot/security/server/config/SecurityHandlerConfig.java b/src/main/java/com/boot/security/server/config/SecurityHandlerConfig.java
index 24606c5..300b279 100644
--- a/src/main/java/com/boot/security/server/config/SecurityHandlerConfig.java
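Review bot: In the SecurityConfig hunk at -56,7 +59,8 the new `.exceptionHandling()` call registers only an `authenticationEntryPoint`, so access denials raised in the filter chain still go to the framework's default AccessDeniedHandler instead of returning the JSON ResponseInfo body. That leaves two different 403 shapes, one from ExceptionHandlerAdvice and one from the filter chain, while the same commit deletes the static 403.html page. Consider adding an AccessDeniedHandler bean alongside the entry point and chaining `.accessDeniedHandler(accessDeniedHandler)` after `.authenticationEntryPoint(authenticationEntryPoint)`. The enclosing configure method starts and ends outside this hunk, so any handler already set elsewhere in it is not visible here.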
+++ b/src/main/java/com/boot/security/server/config/SecurityHandlerConfig.java
@@ -13,6 +13,7 @@ import org.springframework.http.HttpStatus;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
@@ -83,6 +84,25 @@ public class SecurityHandlerConfig {
 }
+ /**
+ * 未登录,返回401
+ *
+ * @return
+ */
+ @Bean
+ public AuthenticationEntryPoint authenticationEntryPoint() {
+ return new AuthenticationEntryPoint() {
+
+ @Override
+ public void commence(HttpServletRequest request, HttpServletResponse response,
+ AuthenticationException authException) throws IOException, ServletException {
+ ResponseInfo info = ResponseInfo.builder().code(HttpStatus.UNAUTHORIZED.value() + "").message("请先登录")
+ .build();
+ ResponseUtil.responseJson(response, HttpStatus.UNAUTHORIZED.value(), info);
+ }
+ };
+ }
+
 /**
 * 退出处理
 *
diff --git a/src/main/resources/public/pages/error/403.html b/src/main/resources/public/pages/error/403.html
deleted file mode 100644
index 399ecd8..0000000
--- a/src/main/resources/public/pages/error/403.html
+++ /dev/null
@@ -1,10 +0,0 @@
-
-
-
-
-Insert title here
-
-
-未授权
-
-
\ No newline at end of file
diff --git a/src/main/resources/public/pages/user/userList.html b/src/main/resources/public/pages/user/userList.html
index 5981ac1..5559c0a 100644
--- a/src/main/resources/public/pages/user/userList.html
+++ b/src/main/resources/public/pages/user/userList.html
@@ -72,7 +72,12 @@ +
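Review bot: The 401 written by `commence` in SecurityHandlerConfig (hunk at -83,6 +84,25) carries no `WWW-Authenticate` header, which RFC 7235 requires on a 401 response. If ResponseUtil.responseJson (not shown here) does not set one, add it before that call, e.g. `response.setHeader("WWW-Authenticate", "<scheme expected by TokenFilter>");`. The fixed message keeps `authException` details out of the response body, but the exception is then dropped entirely; a debug-level log line with the request URI would help when tracing rejected or expired tokens. The Javadoc's empty `@return` could state that the bean is the entry point invoked for unauthenticated requests.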