Spring Security 自定义 403 处理方案

在handler包下:

package com.wyt.handler;

import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.stereotype.Component;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;

/**
 *
 **/

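/**
 * Access-denied handler that answers authorization failures with a small JSON body
 * and HTTP status 403.
 *
 * <p>The body is a fixed, generic message. Nothing from the
 * {@link AccessDeniedException} is written to the client, so the response does not
 * reveal which rule rejected the request.
 */
@Component
public class MyAccess implements AccessDeniedHandler {

    /**
     * Writes status 403 and a fixed JSON error message to the response.
     *
     * @param httpServletRequest the request that was denied (not inspected here)
     * @param httpServletResponse the response that receives the status and JSON body
     * @param e the exception that triggered this handler (not echoed to the client)
     * @throws IOException if the response writer cannot be obtained or written to
     * @throws ServletException declared by the interface; not thrown by this implementation
     */
    @Override
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessDeniedException e) throws IOException, ServletException {
        // Once the response is committed, status and headers can no longer be changed,
        // so appending a JSON body would only corrupt whatever was already sent.
        if (httpServletResponse.isCommitted()) {
            return;
        }
        httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
        // Must be set before getWriter(): unless the container is configured otherwise,
        // the servlet default encoding is ISO-8859-1, which cannot represent the Chinese
        // message below. Declaring JSON also lets clients parse the body reliably.
        httpServletResponse.setContentType("application/json;charset=UTF-8");
        try (PrintWriter writer = httpServletResponse.getWriter()) {
            writer.write("{\"status\":\"error\",\"msg\":\"权限不足,请联系管理 员!\"}");
            writer.flush();
        }
    }
}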

修改配置

   // Exception handling: hand authorization failures (403) to the custom handler bean.
        http.exceptionHandling().accessDeniedHandler(myAccess);
package com.wyt.config;

import com.wyt.handler.MyAccess;
import com.wyt.handler.MyAuth;
import com.wyt.handler.MyAuthF;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 *
 **/
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /** Custom access-denied handler, registered for 403 responses in {@link #configure(HttpSecurity)}. */
    @Autowired
    private MyAccess myAccess;

    /**
     * Configures form login, URL authorization rules, CSRF and the access-denied handler.
     *
     * @param http the security builder supplied by Spring Security
     * @throws Exception if one of the configurers rejects the settings
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Form login: custom login page, processing URL and success/failure handlers.
            .formLogin()
                .loginProcessingUrl("/login")
                .failureHandler(new MyAuthF("/fail.html"))
                // NOTE(review): "/mian.html" looks like a typo for "/main.html" - confirm
                // against the real page name before relying on this redirect target.
                .successHandler(new MyAuth("/mian.html"))
                .loginPage("/login.html")
                .and()
            // URL authorization: matchers are evaluated in declaration order, so the
            // catch-all anyRequest() rule has to stay last.
            .authorizeRequests()
                // The login and failure pages must be reachable without a session.
                .antMatchers("/login.html").permitAll()
                .antMatchers("/fail.html").permitAll()
                // hasRole() prepends "ROLE_" by default, so the user needs the authority
                // "ROLE_abC" (case-sensitive); hasAuthority("admin") would match the
                // literal authority string instead.
                .antMatchers("/main1.html").hasRole("abC")
                // Everything else requires an authenticated user.
                .anyRequest().authenticated()
                .and()
            // NOTE(review): CSRF protection is switched off while authentication is form
            // login, so state-changing requests are guarded only by the session cookie.
            // Tolerable for a demo with static HTML forms; for a real deployment keep
            // CSRF enabled and have the forms submit the token.
            .csrf().disable()
            // Exception handling: authorization failures go to the custom 403 handler.
            .exceptionHandling()
                .accessDeniedHandler(myAccess);
    }

    /**
     * Declares which password hashing algorithm the application uses.
     *
     * @return a BCrypt encoder created with the library's default settings
     */
    @Bean
    public PasswordEncoder getPe() {
        return new BCryptPasswordEncoder();
    }
}
