码上快乐

相关内容   简体   繁体

AuthenticationEntryPoint 与 AccessDeineHandler 的用法及区别

本文转载自  查看原文  2019-06-06 22:22  2321 

找了大半天的资料终于在国外的网站上找到了,相关问题,不过还好把security的认证流程和授权流程又重新看了遍:

AuthenticationEntryPoint 用来解决匿名用户访问无权限资源时的异常

AccessDeineHandler 用来解决认证过的用户访问无权限资源时的异常

配置类:

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled=true)
public class MyWebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;
    @Autowired
    private BCryptPasswordEncoder bCryptPasswordEncoder;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors()
            .and()
                .csrf().disable()
            .authorizeRequests()
                .antMatchers("/user/sign").permitAll().anyRequest().authenticated()
            .and()
                .addFilter(new JWTLoginFilter(authenticationManager()))
                .addFilter(new JwtAuthenticationFilter(authenticationManager()));
                //添加自定义异常入口,处理accessdeine异常
        http.exceptionHandling().authenticationEntryPoint(new CustomAuthenticationEntryPoint())
        .accessDeniedHandler(new CustomAccessDeineHandler());       
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder);
    }
}

之后,自定义AuthenticationEntryPoint的实现类:


import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;

import com.alibaba.fastjson.JSONObject;
import com.panku.common.domain.RestMsg;

public class CustomAuthenticationEntryPoint implements AuthenticationEntryPoint {

    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException authException) throws IOException, ServletException {
        response.setCharacterEncoding("utf-8");
        response.setContentType("text/javascript;charset=utf-8");
        response.getWriter().print(JSONObject.toJSONString(RestMsg.error("没有访问权限!")));
    }

}

自定义,AccessDeineHandler:

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;

import com.alibaba.fastjson.JSONObject;
import com.panku.common.domain.RestMsg;

public class CustomAccessDeineHandler implements AccessDeniedHandler {

    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response,
            AccessDeniedException accessDeniedException) throws IOException, ServletException {
        response.setCharacterEncoding("utf-8");
        response.setContentType("text/javascript;charset=utf-8");
        response.getWriter().print(JSONObject.toJSONString(RestMsg.error("没有访问权限!")));
    }

}
 

原文:

https://blog.csdn.net/jkjkjkll/article/details/79975975


免责声明!

本站转载的文章为个人学习借鉴使用,本站对版权不负任何法律责任。如果侵犯了您的隐私权益,请联系本站邮箱yoyou2525@163.com删除。



猜您在找 浅析SpringSecurity未授权或权限不足的处理:AuthenticationEntryPoint认证入口点及其实现类简介及AccessDeineHandler介绍 #{}和${}的用法和区别 「的」「地」「得」的用法有何区别? at、in、on的区别和用法 extends 与implements的区别和用法 jquery中this与$(this)的用法区别 if else elif 用法和区别 Lock 与Monitor 的用法与区别 JS中的!=、== 、!==、===的用法和区别。 隐藏和覆盖的区别和用法
 
粤ICP备18138465号  © 2018-2025 CODEPRJ.COM