碼上快樂

相關內容    簡體    繁體

AuthenticationEntryPoint 與 AccessDeineHandler 的用法及區別

本文轉載自   查看原文   2019-06-06 22:22   2321 

找了大半天的資料終於在國外的網站上找到了,相關問題,不過還好把security的認證流程和授權流程又重新看了遍:

AuthenticationEntryPoint 用來解決匿名用戶訪問無權限資源時的異常

AccessDeineHandler 用來解決認證過的用戶訪問無權限資源時的異常

配置類:

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled=true)
public class MyWebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;
    @Autowired
    private BCryptPasswordEncoder bCryptPasswordEncoder;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors()
            .and()
                .csrf().disable()
            .authorizeRequests()
                .antMatchers("/user/sign").permitAll().anyRequest().authenticated()
            .and()
                .addFilter(new JWTLoginFilter(authenticationManager()))
                .addFilter(new JwtAuthenticationFilter(authenticationManager()));
                //添加自定義異常入口,處理accessdeine異常
        http.exceptionHandling().authenticationEntryPoint(new CustomAuthenticationEntryPoint())
        .accessDeniedHandler(new CustomAccessDeineHandler());       
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder);
    }
}

之后,自定義AuthenticationEntryPoint的實現類:


import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;

import com.alibaba.fastjson.JSONObject;
import com.panku.common.domain.RestMsg;

public class CustomAuthenticationEntryPoint implements AuthenticationEntryPoint {

    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException authException) throws IOException, ServletException {
        response.setCharacterEncoding("utf-8");
        response.setContentType("text/javascript;charset=utf-8");
        response.getWriter().print(JSONObject.toJSONString(RestMsg.error("沒有訪問權限!")));
    }

}

自定義,AccessDeineHandler:

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;

import com.alibaba.fastjson.JSONObject;
import com.panku.common.domain.RestMsg;

public class CustomAccessDeineHandler implements AccessDeniedHandler {

    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response,
            AccessDeniedException accessDeniedException) throws IOException, ServletException {
        response.setCharacterEncoding("utf-8");
        response.setContentType("text/javascript;charset=utf-8");
        response.getWriter().print(JSONObject.toJSONString(RestMsg.error("沒有訪問權限!")));
    }

}
 

原文:

https://blog.csdn.net/jkjkjkll/article/details/79975975


免責聲明!

本站轉載的文章為個人學習借鑒使用,本站對版權不負任何法律責任。如果侵犯了您的隱私權益,請聯系本站郵箱yoyou2525@163.com刪除。



猜您在找 淺析SpringSecurity未授權或權限不足的處理:AuthenticationEntryPoint認證入口點及其實現類簡介及AccessDeineHandler介紹 #{}和${}的用法和區別 「的」「地」「得」的用法有何區別? at、in、on的區別和用法 extends 與implements的區別和用法 jquery中this與$(this)的用法區別 if else elif 用法和區別 Lock 與Monitor 的用法與區別 JS中的!=、== 、!==、===的用法和區別。 隱藏和覆蓋的區別和用法
 
粵ICP備18138465號   © 2018-2025 CODEPRJ.COM