Designing a role-based admin permission management system (Part 6: making Spring Security return JSON for exceptions instead of redirecting to a page)


First attempt: deliberately entering the wrong password.


Second attempt: logging in as admin, then accessing getUser on the user page.

 

Define a unified response

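import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.serializer.SerializerFeature;

import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;

/**
 * @Auth yaozhongjie
 * @Date 2019/7/3 20:44
 **/
public class Render {
    // Writes Result.error(msg) to the response as UTF-8 JSON.
    public static void respJson(String msg, HttpServletResponse httpServletResponse) {
        httpServletResponse.setContentType("application/json");
        httpServletResponse.setCharacterEncoding("utf-8");
        // try-with-resources closes the writer exactly once and avoids a
        // NullPointerException in cleanup if getWriter() itself throws.
        try (PrintWriter writer = httpServletResponse.getWriter()) {
            // WriteMapNullValue keeps null fields (such as data) in the output.
            writer.write(JSON.toJSONString(Result.error(msg), SerializerFeature.WriteMapNullValue));
            writer.flush();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}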

The Result class standardizes the output. It requires the Lombok plugin.

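import com.alibaba.fastjson.JSONObject;
import lombok.Data;

/**
 * @Auth yaozhongjie
 * @Date 2019/6/28 9:56
 **/
@Data
public class Result<T> {
    private Integer code;   // 0 = success, -1 = error
    private String msg;
    private T data;

    // Success with a message and no payload.
    public static <T> Result<T> success(String msg) {
        Result<T> result = new Result<>();
        result.code = 0;
        result.msg = msg;
        return result;
    }

    // Success with a JSON payload.
    public static Result<JSONObject> success(JSONObject data) {
        Result<JSONObject> result = new Result<>();
        result.code = 0;
        result.msg = "success";
        result.data = data;
        return result;
    }

    // Error with a message and no payload.
    public static <T> Result<T> error(String msg) {
        Result<T> result = new Result<>();
        result.code = -1;
        result.msg = msg;
        return result;
    }

}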

 

Add the access-denied (permission failure) handler

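import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.stereotype.Component;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * @Auth yaozhongjie
 * @Date 2019/7/3 20:37
 **/
@Component
public class MyAccessDeniedHandler implements AccessDeniedHandler {
    @Override
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessDeniedException e) throws IOException, ServletException {
        // The message means "no permission to access"; the exception detail is not sent to the client.
        Render.respJson("无权访问",httpServletResponse);
    }
}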

Add the authentication failure handler

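import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.stereotype.Component;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * @Auth yaozhongjie
 * @Date 2019/7/3 20:43
 **/
@Component
public class MyAuthenticationFailureHandler implements AuthenticationFailureHandler {
    @Override
    public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {
        // The message means "authentication failed"; the exception detail is not sent to the client.
        Render.respJson("认证失败",httpServletResponse);
    }
}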

Configure the exception handlers in HttpSecurity

    // Fields of the security configuration class: the two handlers defined above.
    @Autowired
    MyAccessDeniedHandler accessDeniedHandler;
    @Autowired
    MyAuthenticationFailureHandler authenticationFailureHandler;

    @Override
    public void configure(HttpSecurity http) throws Exception {
        // Each "/xxx/*" pattern matches a single path segment below the prefix.
        http.authorizeRequests()
                .mvcMatchers("/data/*").hasRole("ADMIN")
                .mvcMatchers("/admin/*").hasRole("ADMIN")
                .mvcMatchers("/user/*").hasRole("USER")
                .anyRequest()
                .authenticated()
        ;
        // Note: the authentication failure handler is configured here
        http.formLogin().failureHandler(authenticationFailureHandler).permitAll();
        // The handler for failed permission checks is configured here
        http.exceptionHandling()
                .accessDeniedHandler(accessDeniedHandler);
    }
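
The configuration above covers failed logins and failed role checks, but with formLogin() a request that arrives without any login is still redirected to the login page by the default entry point. The following is an added example, not the author's code: it returns JSON for that case as well and sets 401/403 status codes. The class name JsonSecurityErrorHandler, the message strings and the injected field name handler are assumptions; the JSON fields follow Result.error.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.stereotype.Component;

/**
 * Added example (hypothetical class name): one component that answers both
 * "not logged in" and "logged in but not allowed" with JSON and a matching status.
 */
@Component
public class JsonSecurityErrorHandler implements AuthenticationEntryPoint, AccessDeniedHandler {

    // Called when an anonymous request hits a protected URL (replaces the redirect to the login page).
    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response,
                         AuthenticationException e) throws IOException {
        write(response, HttpServletResponse.SC_UNAUTHORIZED, "authentication required");
    }

    // Called when an authenticated user lacks the required role.
    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response,
                       AccessDeniedException e) throws IOException {
        write(response, HttpServletResponse.SC_FORBIDDEN, "access denied");
    }

    private static void write(HttpServletResponse response, int status, String msg) throws IOException {
        if (response.isCommitted()) {
            return; // headers already sent; the status can no longer be changed
        }
        response.setStatus(status);
        response.setContentType("application/json");
        response.setCharacterEncoding(StandardCharsets.UTF_8.name());
        // Only the fixed messages above are written; exception text is never echoed.
        // Same fields as the page's Result.error(msg): code = -1, data = null.
        response.getWriter().write("{\"code\":-1,\"msg\":\"" + msg + "\",\"data\":null}");
    }
}
// Wiring inside configure(HttpSecurity http), with "handler" an @Autowired field (assumed name):
//   http.exceptionHandling()
//       .authenticationEntryPoint(handler)
//       .accessDeniedHandler(handler);
```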

 
