资源访问拒绝 处理程序
当用户使用授权凭证访问系统时,授权凭证有效,但是没有权限访问某些接口时,默认将会返回 403 状态码
配置
shell
package cloud.xuxiaowei.oauth2.handler;
import cloud.xuxiaowei.utils.Response;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
import lombok.extern.slf4j.Slf4j;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* 资源访问拒绝 处理程序
*
* @author xuxiaowei
* @since 0.0.1
*/
@Slf4j
public class ResourceAccessDeniedHandler implements AccessDeniedHandler {
@Override
@SuppressWarnings({ "deprecation" })
public void handle(HttpServletRequest request, HttpServletResponse response,
AccessDeniedException accessDeniedException) throws IOException, ServletException {
log.error("资源访问拒绝 处理程序:", accessDeniedException);
Response<?> error = Response.error(accessDeniedException.getMessage());
response.setContentType(MediaType.APPLICATION_JSON_UTF8.toString());
ObjectMapper objectMapper = new ObjectMapper();
objectMapper.registerModule(new JavaTimeModule());
String json = objectMapper.writeValueAsString(error);
response.getWriter().println(json);
response.setStatus(HttpStatus.OK.value());
response.flushBuffer();
}
}shell
package cloud.xuxiaowei.oauth2.handler;
import cloud.xuxiaowei.utils.Response;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.extern.slf4j.Slf4j;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;
import java.io.IOException;
/**
* 资源访问拒绝 处理程序
*
* @author xuxiaowei
* @since 0.0.1
*/
@Slf4j
public class ResourceAccessDeniedHandler implements AccessDeniedHandler {
@Override
@SuppressWarnings({ "deprecation" })
public void handle(HttpServletRequest request, HttpServletResponse response,
AccessDeniedException accessDeniedException) throws IOException, ServletException {
log.error("资源访问拒绝 处理程序:", accessDeniedException);
Response<?> error = Response.error(accessDeniedException.getMessage());
response.setContentType(MediaType.APPLICATION_JSON_UTF8.toString());
ObjectMapper objectMapper = new ObjectMapper();
objectMapper.registerModule(new JavaTimeModule());
String json = objectMapper.writeValueAsString(error);
response.getWriter().println(json);
response.setStatus(HttpStatus.OK.value());
response.flushBuffer();
}
}使用
shell
package cloud.xuxiaowei.passport.config;
import cloud.xuxiaowei.oauth2.handler.ResourceAccessDeniedHandler;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
/**
* @author xuxiaowei
* @since 0.1.0
*/
@Configuration
public class ResourceServerConfig {
@Bean
public SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
// ... 省略
http.oauth2ResourceServer().accessDeniedHandler(new ResourceAccessDeniedHandler());
// ... 省略
return http.build();
}
}shell
package cloud.xuxiaowei.passport.config;
import cloud.xuxiaowei.oauth2.handler.ResourceAccessDeniedHandler;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
/**
* @author xuxiaowei
* @since 0.1.0
*/
@Configuration
public class ResourceServerConfig {
@Bean
public SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
// ... 省略
http.oauth2ResourceServer(oauth2ResourceServerCustomizer -> {
oauth2ResourceServerCustomizer.accessDeniedHandler(new ResourceAccessDeniedHandler());
});
// ... 省略
return http.build();
}
}