1

2017-10-16 14:04:47 +08:00 · 2017-10-16 14:04:47 +08:00 · 5082df5be4
parent f9b21e481d
commit 5082df5be4
5 changed files with 37 additions and 11 deletions
--- a/src/main/java/com/boot/security/server/advice/ExceptionHandlerAdvice.java
+++ b/src/main/java/com/boot/security/server/advice/ExceptionHandlerAdvice.java
@ -2,6 +2,7 @@ package com.boot.security.server.advice;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.converter.HttpMessageNotReadableException;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.web.bind.MissingServletRequestParameterException;
 import org.springframework.web.bind.UnsatisfiedServletRequestParameterException;
 import org.springframework.web.bind.annotation.ExceptionHandler;
@ -29,6 +30,12 @@ public class ExceptionHandlerAdvice {
 		return ResponseInfo.builder().code(HttpStatus.BAD_REQUEST.value() + "").message(exception.getMessage()).build();
 	}
 	@ExceptionHandler({ AccessDeniedException.class })
 	@ResponseStatus(HttpStatus.FORBIDDEN)
 	public ResponseInfo badRequestException(AccessDeniedException exception) {
 		return ResponseInfo.builder().code(HttpStatus.FORBIDDEN.value() + "").message(exception.getMessage()).build();
 	}
 	@ExceptionHandler({ MissingServletRequestParameterException.class, HttpMessageNotReadableException.class,
 			UnsatisfiedServletRequestParameterException.class, MethodArgumentTypeMismatchException.class })
 	@ResponseStatus(HttpStatus.BAD_REQUEST)
--- a/src/main/java/com/boot/security/server/config/SecurityConfig.java
+++ b/src/main/java/com/boot/security/server/config/SecurityConfig.java
@ -10,6 +10,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@ -35,6 +36,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	@Autowired
 	private LogoutSuccessHandler logoutSuccessHandler;
 	@Autowired
 	private AuthenticationEntryPoint authenticationEntryPoint;
 	@Autowired
 	private UserDetailsService userDetailsService;
 	@Autowired
 	private TokenFilter tokenFilter;
@ -56,7 +59,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 						"/img/**", "/v2/api-docs/**", "/swagger-resources/**", "/webjars/**", "/pages/**")
 				.permitAll().anyRequest().authenticated();
 		http.formLogin().loginPage("/login.html").loginProcessingUrl("/login")
-				.successHandler(authenticationSuccessHandler).failureHandler(authenticationFailureHandler);
+				.successHandler(authenticationSuccessHandler).failureHandler(authenticationFailureHandler).and()
 				.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);
 		http.logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler);
 		// 解决不允许显示在iframe的问题
 		http.headers().frameOptions().disable();
--- a/src/main/java/com/boot/security/server/config/SecurityHandlerConfig.java
+++ b/src/main/java/com/boot/security/server/config/SecurityHandlerConfig.java
@ -13,6 +13,7 @@ import org.springframework.http.HttpStatus;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
@ -83,6 +84,25 @@ public class SecurityHandlerConfig {
 	}
 	/**
 	 * 未登录，返回401
 	 * 
 	 * @return
 	 */
 	@Bean
 	public AuthenticationEntryPoint authenticationEntryPoint() {
 		return new AuthenticationEntryPoint() {
 			@Override
 			public void commence(HttpServletRequest request, HttpServletResponse response,
 					AuthenticationException authException) throws IOException, ServletException {
 				ResponseInfo info = ResponseInfo.builder().code(HttpStatus.UNAUTHORIZED.value() + "").message("请先登录")
 						.build();
 				ResponseUtil.responseJson(response, HttpStatus.UNAUTHORIZED.value(), info);
 			}
 		};
 	}
 	/**
 	 * 退出处理
 	 * 
--- a/src/main/resources/public/pages/error/403.html
+++ b/src/main/resources/public/pages/error/403.html
@ -1,10 +0,0 @@
 <!DOCTYPE html>
 <html>
 <head>
 <meta charset="UTF-8">
 <title>Insert title here</title>
 </head>
 <body>
 未授权
 </body>
 </html>
--- a/src/main/resources/public/pages/user/userList.html
+++ b/src/main/resources/public/pages/user/userList.html
@ -72,7 +72,12 @@
 <script type="text/javascript" src="../../js/plugin/datatables/jquery.dataTables.min.js"></script>
 <script type="text/javascript" src="../../js/plugin/datatables/dataTables.bootstrap.min.js"></script>
 <script type="text/javascript" src="../../js/my/permission.js"></script>
 <script type="text/javascript" src="../../layui/layui.js"></script>
 <script type="text/javascript">
 layui.use([ 'layer' ], function() {
 	var layer = layui.layer;
 });
 var pers = checkPermission();
 var example;