两个异常处理的接口
AuthenticationEntryPoint:用来处理匿名(未认证)用户访问受保护资源时抛出的异常,也就是与 token 认证相关的异常
AccessDeniedHandler:用来处理已认证用户访问其无权限的资源时抛出的异常,主要与权限控制相关
自定义AuthenticationEntryPoint异常处理类
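/**
 * @Description: Handles the exception raised when an anonymous (unauthenticated) caller
 *               requests a resource that requires authentication.
 * @Package: cn.appblog.security.oauth2.handler.UserAuthenticationEntryPoint
 * @Version: 1.0
 */
@Component
public class UserAuthenticationEntryPoint implements AuthenticationEntryPoint {

    /**
     * Writes the fixed {@code AUTHENTICATION_EXCEPTION} status and message as a JSON body.
     *
     * <p>The exception is deliberately NOT echoed to the client. {@code e.toString()} contains
     * the exception's class name and detail message; returning it to an unauthenticated caller
     * discloses framework internals and can reveal why authentication failed (for example an
     * unknown account versus a wrong credential). If the detail is needed for diagnostics,
     * record {@code e} with the application's server-side logger instead.
     *
     * @param request  the request that triggered the authentication failure (unused)
     * @param response the response the JSON error body is written to
     * @param e        the authentication failure; kept out of the response body
     * @throws IOException if writing the response body fails
     */
    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException e) throws IOException, ServletException {
        // Generic status + message only: no exception class name or detail text reaches the client.
        HttpUtils.writeError(BaseResponse.createResponse(HttpStatusMsg.AUTHENTICATION_EXCEPTION), response);
    }
}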
自定义AccessDeniedHandler接口实现类
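/**
 * @Description: Handles the exception raised when an authenticated user requests a resource
 *               they are not permitted to access.
 * @Package: cn.appblog.security.oauth2.handler.UserAccessDeniedHandler
 * @Version: 1.0
 */
@Component
public class UserAccessDeniedHandler implements AccessDeniedHandler {

    /**
     * Writes the fixed {@code ACCESS_DENIDED_EXCEPTION} status and message as a JSON body.
     *
     * <p>The exception is deliberately NOT echoed to the client. {@code e.toString()} exposes
     * the exception's class name and detail message, which tells the caller about the
     * authorization implementation without helping a legitimate user. If the detail is needed
     * for diagnostics, record {@code e} with the application's server-side logger instead.
     *
     * @param request  the request that was denied (unused)
     * @param response the response the JSON error body is written to
     * @param e        the access-denied failure; kept out of the response body
     * @throws IOException if writing the response body fails
     */
    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException e) throws IOException, ServletException {
        // Generic status + message only: no exception class name or detail text reaches the client.
        HttpUtils.writeError(BaseResponse.createResponse(HttpStatusMsg.ACCESS_DENIDED_EXCEPTION), response);
    }
}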
相关工具方法
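/**
 * Helpers that serialize a {@link BaseResponse} as the JSON body of a servlet response.
 *
 * <p>Everything in the {@code BaseResponse} (status, message, data) is sent to the client
 * verbatim, so callers should not place exception text, stack traces or other internal
 * detail in it.
 */
public class HttpUtils {

    /**
     * Content type for every body written here. A media-type parameter is separated from the
     * type by ';' - the previous "application/json,charset=utf-8" used ',' and was therefore
     * not a valid Content-Type value, leaving clients to guess the type and charset.
     */
    private static final String JSON_UTF8 = "application/json;charset=utf-8";

    /** Shared mapper; ObjectMapper is thread-safe once configured, so one instance is reused. */
    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();

    /**
     * Writes an error response.
     *
     * @param bs       the payload; its status becomes the HTTP status code
     * @param response the servlet response to write to
     * @throws IOException if serializing or writing the body fails
     */
    public static void writeError(BaseResponse bs, HttpServletResponse response) throws IOException {
        writeJson(bs, response);
    }

    /**
     * Writes a success response.
     *
     * @param bs       the payload; its status becomes the HTTP status code
     * @param response the servlet response to write to
     * @throws IOException if serializing or writing the body fails
     */
    public static void writeSuccess(BaseResponse bs, HttpServletResponse response) throws IOException {
        writeJson(bs, response);
    }

    /** Sets content type and status from {@code bs}, then serializes {@code bs} to the body. */
    private static void writeJson(BaseResponse bs, HttpServletResponse response) throws IOException {
        response.setContentType(JSON_UTF8);
        response.setStatus(bs.getStatus());
        OBJECT_MAPPER.writeValue(response.getOutputStream(), bs);
    }
}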
/**
 * Response envelope serialized to JSON: a status code, a message and an optional payload.
 * Accessors are generated by Lombok's {@code @Data}.
 */
@Data
public class BaseResponse implements Serializable {
    // Status code; HttpUtils also uses it as the HTTP status of the response.
    private int status;
    // Message returned to the client.
    private String message;
    // Optional payload; left out of the JSON output when null.
    @JsonInclude(JsonInclude.Include.NON_NULL)
    private Object data;

    /**
     * Creates a response with a status and message and no payload.
     */
    public static BaseResponse createResponse(int status, String message) {
        return createResponse(status, message, null);
    }

    /**
     * Creates a response from a predefined status/message pair, with no payload.
     */
    public static BaseResponse createResponse(HttpStatusMsg httpStatusMsg) {
        return createResponse(httpStatusMsg, null);
    }

    /**
     * Creates a response with a status, a message and a payload.
     */
    public static BaseResponse createResponse(int status, String message, Object data) {
        BaseResponse result = new BaseResponse();
        result.setStatus(status);
        result.setMessage(message);
        result.setData(data);
        return result;
    }

    /**
     * Creates a response from a predefined status/message pair, with a payload.
     */
    public static BaseResponse createResponse(HttpStatusMsg httpStatusMsg, Object data) {
        return createResponse(httpStatusMsg.getStatus(), httpStatusMsg.getMessage(), data);
    }
}
本文转载参考 原文 并加以调试