SpringSecurity自定义失败处理

认证异常处理


@Component
public class Renzheng implements AuthenticationEntryPoint {
    @Override
    public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {
        ResponseResult result=new ResponseResult<>(HttpStatus.UNSUPPORTED_MEDIA_TYPE.value(), "用户账号密码错误");
        WebUtils.renderString(httpServletResponse, JSON.toJSONString(result));
    }
}

授权异常处理


@Component
public class AccessDeniedExceptionImpl implements AccessDeniedHandler {
    @Override
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessDeniedException e) throws IOException, ServletException {
        ResponseResult result=new ResponseResult<>(400,"授权失败");
        WebUtils.renderString(httpServletResponse,JSON.toJSONString(result));
    }
}

添加异常处理

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private  JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter;
    @Autowired
    private AccessDeniedExceptionImpl accessDeniedException;
    @Autowired
    private Renzheng renzheng;

@Bean
    public BCryptPasswordEncoder passwordEncoder(){
        return new  BCryptPasswordEncoder();
    }
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                //关闭csrf
                .csrf().disable()
                //不通过Session获取SecurityContext

                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authorizeRequests()
                // 对于登录接口 允许匿名访问
                .antMatchers("/user/login").anonymous()
                // 除上面外的所有请求全部需要鉴权认证
                .anyRequest().authenticated();
        http.addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
        http.exceptionHandling()
                //认证处理
                .authenticationEntryPoint(renzheng)
                //异常处理
                .accessDeniedHandler(accessDeniedException);
    }
posted @   浮白呀  阅读(53)  评论(0编辑  收藏  举报
相关博文:
· 接上文实现SpringSecurity,拦截器的实现
· 跨域问题(普通跨域和springsecurity跨域)
· SpringSecurity从入门到精通:从数据库查询权限信息&自定义失败处理
· 自定义失败处理 配置给SpringSecurity
· Spring Security 接口认证鉴权入门实践指南
阅读排行:
· 无需6万激活码!GitHub神秘组织3小时极速复刻Manus,手把手教你使用OpenManus搭建本
· C#/.NET/.NET Core优秀项目和框架2025年2月简报
· Manus爆火,是硬核还是营销?
· 终于写完轮子一部分:tcp代理 了,记录一下
· 【杭电多校比赛记录】2025“钉耙编程”中国大学生算法设计春季联赛(1)
点击右上角即可分享
微信分享提示