
权限框架401、403状态码统一改为200

songxinlu 3 rokov pred
rodič
commit
a23f62ece4

+ 37 - 0
src/main/java/com/diagbot/config/AccessDeniedExceptionPoint.java

@@ -0,0 +1,37 @@
+package com.diagbot.config;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.web.access.AccessDeniedHandler;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * @Description:
+ * @Author songxl
+ * @Date 2021/11/30
+ */
+@Component
+public class AccessDeniedExceptionPoint implements AccessDeniedHandler {
+    @Override
+    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse response, AccessDeniedException e) throws IOException, ServletException {
+        Map map = new HashMap();
+        //响应状态码统一为200
+        response.setStatus(HttpServletResponse.SC_OK);
+        map.put("code", "00000001");
+        map.put("msg","没有该权限");
+        response.setContentType("application/json");
+        try {
+            ObjectMapper mapper = new ObjectMapper();
+            mapper.writeValue(response.getOutputStream(), map);
+        } catch (Exception e1) {
+            throw new ServletException();
+        }
+    }
+}
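Review bot: The catch block at the end of handle() discards the original failure — `throw new ServletException();` keeps neither the cause nor a message, so a broken error response cannot be diagnosed from logs. Since handle() already declares IOException and ObjectMapper.writeValue only throws IOException subtypes, the try/catch can be dropped, or at least the cause preserved: `throw new ServletException("failed to write access-denied response", e1);`. The ObjectMapper is also constructed on every denied request; a `private static final ObjectMapper MAPPER = new ObjectMapper();` field avoids that, and `Map<String, String>` in place of the raw `Map`/`HashMap` removes the unchecked warning. The empty `@Description:` tag could state that this handler answers authorization failures (authenticated caller without the required role) with HTTP 200 and code `00000001`, which makes the split from the authentication entry point visible to readers.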

+ 18 - 23
src/main/java/com/diagbot/config/AuthenticationExceptionHandler.java

@@ -38,43 +38,38 @@ public class AuthenticationExceptionHandler {
         Map map = new HashMap();
         //登录前的获取登录页面的请求接口不知道什么原因会抛出未认证(Full authentication is required to access this resource)
         //如果抛出未认证在这个调用这个服务接口返回消息
+        //响应状态码统一为200
+        response.setStatus(HttpServletResponse.SC_OK);
         if (matchers("/sys/user/getHospitalMark", request)) {
             map.put("code", "0");
             map.put("msg", "");
             map.put("data", userFacade.getHospitalMark());
-            response.setStatus(HttpServletResponse.SC_OK);
         } else if (authException instanceof BadCredentialsException) {
             map.put("code", "00000001");
             map.put("msg", "用户或密码不正确");
-            response.setStatus(HttpServletResponse.SC_OK);
         } else if (authException instanceof AccountStatusException) {
-            map.put("code", "00000001");
-            map.put("msg", "户状态异常");
-            response.setStatus(HttpServletResponse.SC_OK);
-        } else if (authException instanceof AccountExpiredException) {
-            map.put("code", "00000001");
-            map.put("msg", "账户过期");
-            response.setStatus(HttpServletResponse.SC_OK);
-        } else if (authException instanceof CredentialsExpiredException) {//证书过期
-            map.put("code", "10020011");
-            map.put("msg", "登录超时。为确保您的账户安全,系统已自动退出,请重新登录。");
-            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
-        } else if (authException instanceof DisabledException) {
-            map.put("code", "00000001");
-            map.put("msg", "账户不可用");
-            response.setStatus(HttpServletResponse.SC_OK);
-        } else if (authException instanceof LockedException) {
-            map.put("code", "00000001");
-            map.put("msg", "账户锁定");
-            response.setStatus(HttpServletResponse.SC_OK);
+            if (authException instanceof LockedException) {
+                map.put("code", "00000001");
+                map.put("msg", "账户锁定");
+            } else if (authException instanceof AccountExpiredException) {//账户过期
+                map.put("code", "10020011");
+                map.put("msg", "登录超时。为确保您的账户安全,系统已自动退出,请重新登录。");
+            } else if (authException instanceof CredentialsExpiredException) {//证书过期
+                map.put("code", "10020011");
+                map.put("msg", "登录超时。为确保您的账户安全,系统已自动退出,请重新登录。");
+            } else if (authException instanceof DisabledException) {
+                map.put("code", "00000001");
+                map.put("msg", "账户不可用");
+            } else {
+                map.put("code", "00000001");
+                map.put("msg", "用户状态异常");
+            }
         } else if (authException instanceof InsufficientAuthenticationException) {
             map.put("code", "10020011");
             map.put("msg", "登录超时。为确保您的账户安全,系统已自动退出,请重新登录。");
-            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
         } else {
             map.put("code", "00000001");
             map.put("msg", authException.getMessage());
-            response.setStatus(HttpServletResponse.SC_OK);
         }
         response.setContentType("application/json");
         try {
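Review bot: The two new branches for AccountExpiredException and CredentialsExpiredException inside the AccountStatusException block put identical `code`/`msg` values, so they can be one condition: `} else if (authException instanceof AccountExpiredException || authException instanceof CredentialsExpiredException) {//账户过期/证书过期`. Nesting the four checks under `AccountStatusException` relies on those classes extending it in Spring Security; a comment above the inner `if`, e.g. `// Locked/AccountExpired/CredentialsExpired/Disabled all extend AccountStatusException; anything else gets the generic status message`, would make that dependency explicit. The unchanged final `else` still echoes `authException.getMessage()` to the client, which this commit does not address; if that text can carry internal details, a fixed message as in the other branches would be safer. The enclosing method starts before and ends after this hunk.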

+ 5 - 0
src/main/java/com/diagbot/config/ResourceServerConfigurer.java

@@ -32,6 +32,8 @@ public class ResourceServerConfigurer extends ResourceServerConfigurerAdapter {
     Logger log = LoggerFactory.getLogger(ResourceServerConfigurer.class);
     @Autowired
     private AuthExceptionEntryPoint authExceptionEntryPoint;
+    @Autowired
+    private AccessDeniedExceptionPoint accessDeniedExceptionPoint;
 
     @Override
     public void configure(HttpSecurity http) throws Exception {
@@ -39,6 +41,8 @@ public class ResourceServerConfigurer extends ResourceServerConfigurerAdapter {
                 .and()
                 .exceptionHandling().authenticationEntryPoint(authExceptionEntryPoint)
                 .and()
+                .exceptionHandling().accessDeniedHandler(accessDeniedExceptionPoint)
+                .and()
                 .csrf().disable()
                 .authorizeRequests()
                 .regexMatchers(".*swagger.*", ".*v2.*", ".*webjars.*", "/druid.*", "/actuator.*", "/hystrix.*").permitAll()
@@ -291,6 +295,7 @@ public class ResourceServerConfigurer extends ResourceServerConfigurerAdapter {
         log.info("Configuring ResourceServerSecurityConfigurer");
         resources.resourceId("user-service").tokenStore(new JwtTokenStore(jwtTokenEnhancerClient()));
         resources.authenticationEntryPoint(authExceptionEntryPoint);
+        resources.accessDeniedHandler(accessDeniedExceptionPoint);
     }
 
     @Autowired
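Review bot: In the second hunk the access-denied handler is registered through a second `.exceptionHandling()` call after `.and()`, while the entry point was set on the first one two lines above; both settings belong to the same configurer and read more clearly as one chain: `.exceptionHandling().authenticationEntryPoint(authExceptionEntryPoint).accessDeniedHandler(accessDeniedExceptionPoint)` followed by a single `.and()`. As far as I can tell the result is the same either way, so this is a readability point only. The third hunk registers the same handler on the ResourceServerSecurityConfigurer inside a method whose start lies outside the hunk; a one-line comment there, `// mirror the HttpSecurity handler so resource-server 403s are also rendered as 200/00000001`, would explain why the handler is wired in two places.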