handlerexceptionresolver 返回json
package net.xqlee.security.interceptor;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerExceptionResolver;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.view.json.MappingJackson2JsonView;
@Component
public class SecurityHandlerExceptionResolver implements HandlerExceptionResolver {
private static Logger logger = LoggerFactory.getLogger(SecurityHandlerExceptionResolver.class);
private static String data = "data";
private static String code = "code";
private static String msg = "msg";
private static String date = "date";
@Override
public ModelAndView resolveException(HttpServletRequest request, HttpServletResponse response, Object handler,
Exception exception) {
// 未登陆异常捕获
// 返回错误信息
Map<String, Object> resultMap = new HashMap<>();
if (exception instanceof AuthenticationCredentialsNotFoundException) {
logger.info("User Not Login:" + request.getRequestURL());
resultMap.put(code, "00001");
resultMap.put(msg, "用户未登录");
resultMap.put(data, "");
} else if (exception instanceof AccessDeniedException) {
logger.info("Access Denied [ID:" + SecurityContextHolder.getContext().getAuthentication().getName() + "]:"
+ request.getRequestURL());
resultMap.put(code, "00001");
resultMap.put(msg, "用户权限不够");
resultMap.put(data, "");
}
//这里是核心,用jsonview方式返回
MappingJackson2JsonView jackson2JsonView = new MappingJackson2JsonView();
//设置返回的json map
jackson2JsonView.setAttributesMap(resultMap);
ModelAndView view = new ModelAndView();
view.setView(jackson2JsonView);
return view;
}
}
返回信息:
{
"msg": "用户未登录",
"data": "",
"code": "00001"
}
https://blog.xqlee.com/article/180.html
评论
相关文章
spring security常用注解@Secured、@PreAuthorize 、@PostAuthorize说明,Java编程,spring security
Java编程中spring security4是一个spring框架项目的一个安全方面的项目。主要用于用户认证,授权,角色认证
spring boot整合spring security4自定义配置
Spring Security 配置多个Authentication Providers认证器
环境JDK 17Spring Boot 3.2.1-3.2.3Spring Security 6.2.1-6.3.1Spring Security 权限/角色常
spring boot 2.0 security 5.0 整合,实现自定义表单登录。spring boot 2.0框架使用。
spring boot 入门之security oauth2 jwt完美整合例子,Java编程中spring boot框架+spring security框架+spring security o...
1.概述本文继续使用spring boot 和Spring Security系列进行注册,并着重于如何正确实现角色和权限
解决spring security 整合到spring boot中,UserDetailsService接口的loadUserByUsername方法参数username输入为空问题。一 检查...
前言使用Spring Boot 3 Security 6.2 JWT 完成无状态的REST接口认证和授权管理。环境JDK 17Spring Boot 3.3.2
使用OAuth2安全的Spring REST API,Secure Spring REST API using OAuth2(含demo代码下载)
引言在这篇文章中,我们将讨论如何使用Spring Boot Security OAuth2保护REST API
引言在本文中,我们将讨论有关Spring启动安全性和JWT令牌的OAUTH2实现以及保护REST API
spring boot 整合spring security采用mongodb数据库方式