  • Usage of and differences between AuthenticationEntryPoint and AccessDeniedHandler

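    After searching for most of a day I finally found a related question on a foreign website; on the bright side, I went back over Spring Security's authentication and authorization flows once more:

    AuthenticationEntryPoint handles the exception raised when an anonymous user accesses a resource they have no permission for.

    AccessDeniedHandler handles the exception raised when an authenticated user accesses a resource they have no permission for.

    Configuration class: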

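    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

    @Configuration
    @EnableWebSecurity
    @EnableGlobalMethodSecurity(prePostEnabled=true)
    public class MyWebSecurityConfig extends WebSecurityConfigurerAdapter {

        @Autowired
        private UserDetailsService userDetailsService;
        @Autowired
        private BCryptPasswordEncoder bCryptPasswordEncoder;

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.cors()
                .and()
                    .csrf().disable()
                .authorizeRequests()
                    // Only the sign-in endpoint is open; everything else requires authentication
                    .antMatchers("/user/sign").permitAll().anyRequest().authenticated()
                .and()
                    .addFilter(new JWTLoginFilter(authenticationManager()))
                    .addFilter(new JwtAuthenticationFilter(authenticationManager()));
            // Register the custom entry point and the access-denied handler
            http.exceptionHandling()
                    .authenticationEntryPoint(new CustomAuthenticationEntryPoint())
                    .accessDeniedHandler(new CustomAccessDeineHandler());
        }

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder);
        }
    }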

    Next, the custom AuthenticationEntryPoint implementation:


    import java.io.IOException;

    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    import org.springframework.security.core.AuthenticationException;
    import org.springframework.security.web.AuthenticationEntryPoint;

    import com.alibaba.fastjson.JSONObject;
    import com.panku.common.domain.RestMsg;

    // Invoked when an unauthenticated (anonymous) request reaches a protected resource.
    public class CustomAuthenticationEntryPoint implements AuthenticationEntryPoint {

        @Override
        public void commence(HttpServletRequest request, HttpServletResponse response,
                AuthenticationException authException) throws IOException, ServletException {
            response.setCharacterEncoding("utf-8");
            response.setContentType("text/javascript;charset=utf-8");
            response.getWriter().print(JSONObject.toJSONString(RestMsg.error("没有访问权限!")));
        }

    }

    The custom AccessDeniedHandler:

    import java.io.IOException;

    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    import org.springframework.security.access.AccessDeniedException;
    import org.springframework.security.web.access.AccessDeniedHandler;

    import com.alibaba.fastjson.JSONObject;
    import com.panku.common.domain.RestMsg;

    // Invoked when an authenticated user is refused access to a resource.
    public class CustomAccessDeineHandler implements AccessDeniedHandler {

        @Override
        public void handle(HttpServletRequest request, HttpServletResponse response,
                AccessDeniedException accessDeniedException) throws IOException, ServletException {
            response.setCharacterEncoding("utf-8");
            response.setContentType("text/javascript;charset=utf-8");
            response.getWriter().print(JSONObject.toJSONString(RestMsg.error("没有访问权限!")));
        }

    }
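
    As an added example (not the original author's code): the same two hooks with the HTTP status made explicit, 401 from the entry point and 403 from the access-denied handler, since the handlers above never set a status and so answer with the default 200. The class name JsonSecurityErrorHandlers, the message strings and the Bearer scheme are assumptions.

    ```java
    import java.io.IOException;

    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    import org.springframework.security.access.AccessDeniedException;
    import org.springframework.security.core.AuthenticationException;
    import org.springframework.security.web.AuthenticationEntryPoint;
    import org.springframework.security.web.access.AccessDeniedHandler;

    // Added example with hypothetical class names; not the original author's code.
    public final class JsonSecurityErrorHandlers {

        private JsonSecurityErrorHandlers() {
        }

        // Anonymous caller on a protected resource: no valid credentials -> 401.
        public static final class EntryPoint implements AuthenticationEntryPoint {
            @Override
            public void commence(HttpServletRequest request, HttpServletResponse response,
                    AuthenticationException authException) throws IOException {
                // Assumption: the JWT filters expect the Bearer scheme.
                response.setHeader("WWW-Authenticate", "Bearer");
                write(response, HttpServletResponse.SC_UNAUTHORIZED, "authentication required");
            }
        }

        // Authenticated caller lacking the required authority -> 403.
        public static final class Denied implements AccessDeniedHandler {
            @Override
            public void handle(HttpServletRequest request, HttpServletResponse response,
                    AccessDeniedException accessDeniedException) throws IOException {
                write(response, HttpServletResponse.SC_FORBIDDEN, "access denied");
            }
        }

        // Fixed messages only: exception text is never echoed, so nothing internal leaks
        // and no untrusted string ends up inside the hand-built JSON.
        private static void write(HttpServletResponse response, int status, String message)
                throws IOException {
            if (response.isCommitted()) {
                return; // body already started; status and headers can no longer change
            }
            response.setStatus(status);
            response.setCharacterEncoding("UTF-8");
            response.setContentType("application/json");
            response.getWriter().print("{\"status\":" + status + ",\"error\":\"" + message + "\"}");
        }
    }
    ```

    To use them, pass new JsonSecurityErrorHandlers.EntryPoint() to authenticationEntryPoint(...) and new JsonSecurityErrorHandlers.Denied() to accessDeniedHandler(...) in the configuration class.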
     

    Original article:

    https://blog.csdn.net/jkjkjkll/article/details/79975975

  • Source: https://www.cnblogs.com/cnsec/p/13407130.html