zoukankan      html  css  js  c++  java
  • AuthenticationEntryPoint 与 AccessDeineHandler 的用法及区别

    找了大半天的资料终于在国外的网站上找到了,相关问题,不过还好把security的认证流程和授权流程又重新看了遍:

    AuthenticationEntryPoint 用来解决匿名用户访问无权限资源时的异常

    AccessDeineHandler 用来解决认证过的用户访问无权限资源时的异常

    配置类:

    @Configuration
    @EnableWebSecurity
    @EnableGlobalMethodSecurity(prePostEnabled=true)
    public class MyWebSecurityConfig extends WebSecurityConfigurerAdapter {

        @Autowired
        private UserDetailsService userDetailsService;
        @Autowired
        private BCryptPasswordEncoder bCryptPasswordEncoder;

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.cors()
                .and()
                    .csrf().disable()
                .authorizeRequests()
                    .antMatchers("/user/sign").permitAll().anyRequest().authenticated()
                .and()
                    .addFilter(new JWTLoginFilter(authenticationManager()))
                    .addFilter(new JwtAuthenticationFilter(authenticationManager()));
                    //添加自定义异常入口,处理accessdeine异常
            http.exceptionHandling().authenticationEntryPoint(new CustomAuthenticationEntryPoint())
            .accessDeniedHandler(new CustomAccessDeineHandler());       
        }

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder);
        }
    }

    之后,自定义AuthenticationEntryPoint的实现类:


    import java.io.IOException;

    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    import org.springframework.security.core.AuthenticationException;
    import org.springframework.security.web.AuthenticationEntryPoint;

    import com.alibaba.fastjson.JSONObject;
    import com.panku.common.domain.RestMsg;

    public class CustomAuthenticationEntryPoint implements AuthenticationEntryPoint {

        @Override
        public void commence(HttpServletRequest request, HttpServletResponse response,
                AuthenticationException authException) throws IOException, ServletException {
            response.setCharacterEncoding("utf-8");
            response.setContentType("text/javascript;charset=utf-8");
            response.getWriter().print(JSONObject.toJSONString(RestMsg.error("没有访问权限!")));
        }

    }

    自定义,AccessDeineHandler:

    import java.io.IOException;

    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    import org.springframework.security.access.AccessDeniedException;
    import org.springframework.security.web.access.AccessDeniedHandler;

    import com.alibaba.fastjson.JSONObject;
    import com.panku.common.domain.RestMsg;

    public class CustomAccessDeineHandler implements AccessDeniedHandler {

        @Override
        public void handle(HttpServletRequest request, HttpServletResponse response,
                AccessDeniedException accessDeniedException) throws IOException, ServletException {
            response.setCharacterEncoding("utf-8");
            response.setContentType("text/javascript;charset=utf-8");
            response.getWriter().print(JSONObject.toJSONString(RestMsg.error("没有访问权限!")));
        }

    }
     

    原文:

    https://blog.csdn.net/jkjkjkll/article/details/79975975

  • 相关阅读:
    【转】PHP使用共享内存进程间通信
    【转】php进程间通信--有名管道
    【转】代理模式-php白话示例
    [转]设计的核心任务之三:确保正交性
    pc主板支持独显和集显视频输出
    OpenGL核心技术之抗锯齿
    读书:有钱人想的和你不一样
    js 文本相似度
    js实现获得QQ截图或者微信截图后剪切板的内容clipboardData
    【转】chrome浏览器F12 Network中Timing参数含义
  • 原文地址:https://www.cnblogs.com/cnsec/p/13407130.html
Copyright © 2011-2022 走看看