在SpringSecurity中,如果我们在认证或者授权的过程中出现了异常会被ExceptionTranslationFilter捕 获到。在ExceptionTranslationFilter中会去判断是认证失败还是授权失败出现的异常。
一、自定义验证异常类
创建exception包,在exception包下创建自定义CustomerAuthenticationException类,继承 AuthenticationException类
java
/**
* 自定义 认证 验证异常类
*/
public class CustomerAuthenticationException extends AuthenticationException {
public CustomerAuthenticationException(String message){
super(message);
}
}
二、登录用户访问无权限资源处理器
创建CustomerAccessDeniedHandler认证用户访问无权限资源时处理器类。
抓捕到AccessDeniedException异常后,进入此处理器
java
/**
* 认证用户 访问无权限资源时处理器
*/
@Component
public class CustomerAccessDeniedHandler implements AccessDeniedHandler {
@Override
public void handle(HttpServletRequest request,
HttpServletResponse response,
AccessDeniedException accessDeniedException) throws IOException {
//设置客户端的响应的内容类型
response.setContentType("application/json;charset=UTF-8");
//获取输出流
ServletOutputStream outputStream = response.getOutputStream();
//消除循环引用
String result = JSON.toJSONString(R.error().code(700).message("无权限访问, 请联系管理员!"),
SerializerFeature.DisableCircularReferenceDetect);
outputStream.write(result.getBytes(StandardCharsets.UTF_8));
outputStream.flush();
outputStream.close();
}
}
三、匿名用户访问资源处理器
java
/**
* 匿名用户 访问无权限资源的处理类
*/
@Component
public class AnonymousAuthenticationHandler implements AuthenticationEntryPoint {
@Override
public void commence(HttpServletRequest request,
HttpServletResponse response,
AuthenticationException authException) throws IOException {
//设置客户端的响应的内容类型
response.setContentType("application/json;charset=UTF-8");
String result = null;
//获取输出流
ServletOutputStream outputStream = response.getOutputStream();
// System.out.println("异常消息:"+authException.getMessage()+",对象:"+authException);
if (authException instanceof BadCredentialsException) {
// 用户名未找到,可以在这里添加自定义处理逻辑
result = JSON.toJSONString(R.error()
.code(HttpServletResponse.SC_UNAUTHORIZED)
.message(authException.getMessage()),
SerializerFeature.DisableCircularReferenceDetect);
} else if (authException instanceof InternalAuthenticationServiceException) {
result = JSON.toJSONString(R.error()
.code(HttpServletResponse.SC_UNAUTHORIZED)
.message("用户名为空!"),
SerializerFeature.DisableCircularReferenceDetect);
} else {
// 其他身份验证异常处理
result = JSON.toJSONString(R.error().code(600).message("匿名用户无权限访问!"),
SerializerFeature.DisableCircularReferenceDetect); //消除循环引用
}
outputStream.write(result.getBytes(StandardCharsets.UTF_8));
outputStream.flush();
outputStream.close();
}
}
四、改造认证校验过滤器 && 认证失败处理器
java
/**
* 认证校验失败处理类
*/
@Component
public class LoginFailureHandler implements AuthenticationFailureHandler {
@Override
public void onAuthenticationFailure(HttpServletRequest request,
HttpServletResponse response,
AuthenticationException exception) throws IOException, ServletException {
//设置客户端响应编码格式
response.setContentType("application/json;charset=UTF-8");
//获取输出流
ServletOutputStream outputStream= response.getOutputStream();
String message = null;//提示信息
int code = 500;//错误编码
//判断异常类型
if(exception instanceof AccountExpiredException){
message = "账户过期,登录失败!";
}else if(exception instanceof BadCredentialsException){
message = "用户名或密码错误,登录失败!";
}else if(exception instanceof CredentialsExpiredException){
message = "密码过期,登录失败!";
}else if(exception instanceof DisabledException){
message = "账户被禁用,登录失败!";
}else if(exception instanceof LockedException){
message = "账户被锁,登录失败!";
}else if(exception instanceof InternalAuthenticationServiceException){
message = "账户不存在,登录失败!";
}else if(exception instanceof CustomerAuthenticationException){
message = exception.getMessage();
code = 600;
}else{
message = "登录失败!";
}
//将错误信息转换成JSON
String result = JSON.toJSONString(R.error().code(code).message(message));
outputStream.write(result.getBytes(StandardCharsets.UTF_8));
outputStream.flush();
outputStream.close();
}
}