From fe812f1c88bfd48a58732bf09dd078a95a46a978 Mon Sep 17 00:00:00 2001
From: dqjdda <201507802@qq.com>
Date: Wed, 27 Nov 2019 20:57:49 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BB=A3=E7=A0=81=E4=BC=98=E5=8C=96?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../handler/GlobalExceptionHandler.java | 10 -------
 .../me/zhengjie/config/ConfigurerAdapter.java | 28 +++++++++++--------
 .../security/config/SecurityConfig.java | 9 ++++--
 .../security/JwtAccessDeniedHandler.java | 19 +++++++++++++
 4 files changed, 42 insertions(+), 24 deletions(-)
 create mode 100644 eladmin-system/src/main/java/me/zhengjie/modules/security/security/JwtAccessDeniedHandler.java
diff --git a/eladmin-common/src/main/java/me/zhengjie/exception/handler/GlobalExceptionHandler.java b/eladmin-common/src/main/java/me/zhengjie/exception/handler/GlobalExceptionHandler.java
index 8b87fdec..e62a3d29 100644
--- a/eladmin-common/src/main/java/me/zhengjie/exception/handler/GlobalExceptionHandler.java
+++ b/eladmin-common/src/main/java/me/zhengjie/exception/handler/GlobalExceptionHandler.java
@@ -32,16 +32,6 @@ public class GlobalExceptionHandler {
 return buildResponseEntity(ApiError.error(e.getMessage()));
 }
 
- /**
- * 处理 接口无权访问异常AccessDeniedException
- */
- @ExceptionHandler(AccessDeniedException.class)
- public ResponseEntity handleAccessDeniedException(AccessDeniedException e){
- // 打印堆栈信息
- log.error(ThrowableUtil.getStackTrace(e));
- return buildResponseEntity(ApiError.error(FORBIDDEN.value(),e.getMessage()));
- }
-
 /**
 * 处理自定义异常
 */
diff --git a/eladmin-system/src/main/java/me/zhengjie/config/ConfigurerAdapter.java b/eladmin-system/src/main/java/me/zhengjie/config/ConfigurerAdapter.java
index eddc9e38..81efa31c 100644
--- a/eladmin-system/src/main/java/me/zhengjie/config/ConfigurerAdapter.java
+++ b/eladmin-system/src/main/java/me/zhengjie/config/ConfigurerAdapter.java
@@ -1,12 +1,14 @@
 package me.zhengjie.config;
 
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import org.springframework.web.filter.CorsFilter;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
-import java.nio.file.Paths;
 
 /**
 * WebMvcConfigurer
@@ -24,20 +26,22 @@ public class ConfigurerAdapter implements WebMvcConfigurer {
 @Value("${file.avatar}")
 private String avatar;
 
- @Override
- public void addCorsMappings(CorsRegistry registry) {
- registry.addMapping("/**")
- .allowCredentials(true)
- .allowedHeaders("*")
- .allowedOrigins("*")
- .allowedMethods("GET","POST","PUT","DELETE");
-
+ @Bean
+ public CorsFilter corsFilter() {
+ UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+ CorsConfiguration config = new CorsConfiguration();
+ config.setAllowCredentials(true);
+ config.addAllowedOrigin("*");
+ config.addAllowedHeader("*");
+ config.addAllowedMethod("*");
+ source.registerCorsConfiguration("/**", config);
+ return new CorsFilter(source);
 }
 
 @Override
 public void addResourceHandlers(ResourceHandlerRegistry registry) {
- String avatarUtl = Paths.get(avatar).normalize().toUri().toASCIIString();
- String pathUtl = Paths.get(path).normalize().toUri().toASCIIString();
+ String avatarUtl = "file:" + avatar.replace("\\","/");
+ String pathUtl = "file:" + path.replace("\\","/");
 registry.addResourceHandler("/avatar/**").addResourceLocations(avatarUtl).setCachePeriod(0);
 registry.addResourceHandler("/file/**").addResourceLocations(pathUtl).setCachePeriod(0);
 registry.addResourceHandler("/**").addResourceLocations("classpath:/META-INF/resources/").setCachePeriod(0);
diff --git a/eladmin-system/src/main/java/me/zhengjie/modules/security/config/SecurityConfig.java b/eladmin-system/src/main/java/me/zhengjie/modules/security/config/SecurityConfig.java
index 241cf132..55a021a2 100644
--- a/eladmin-system/src/main/java/me/zhengjie/modules/security/config/SecurityConfig.java
+++ b/eladmin-system/src/main/java/me/zhengjie/modules/security/config/SecurityConfig.java
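Review bot: In `corsFilter()`, `config.setAllowCredentials(true)` paired with `config.addAllowedOrigin("*")` means the filter reflects whatever `Origin` a request sends back in `Access-Control-Allow-Origin` alongside `Access-Control-Allow-Credentials: true`, so any site can make credentialed cross-origin calls to the API (newer Spring versions reject this combination outright), and `config.addAllowedMethod("*")` widens the previously listed GET/POST/PUT/DELETE to every method. The removed `addCorsMappings` had the same origin/credentials pairing, so this is not introduced here, but the rewrite is the natural place to fix it: the API authenticates via a request header, so credentials are likely unnecessary and `config.setAllowCredentials(false);` would do, or else keep credentials and register the concrete front-end origins instead of `"*"`. Separately, in `addResourceHandlers` the new `"file:" + avatar.replace("\\","/")` drops the normalization and URI encoding that `Paths.get(...).normalize().toUri()` gave and no longer guarantees a trailing `/`; directory locations passed to `addResourceLocations` should end in `/`, so if the configured `file.avatar`/`file.path` values may lack one, append it (`if (!avatarUtl.endsWith("/")) avatarUtl += "/";`, and likewise for `pathUtl`). The `addResourceHandlers` method continues past the end of the hunk.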
@@ -1,6 +1,7 @@
 package me.zhengjie.modules.security.config;
 
 import me.zhengjie.annotation.AnonymousAccess;
+import me.zhengjie.modules.security.security.JwtAccessDeniedHandler;
 import me.zhengjie.modules.security.security.JwtAuthenticationEntryPoint;
 import me.zhengjie.modules.security.security.JwtAuthorizationTokenFilter;
 import me.zhengjie.modules.security.service.JwtUserDetailsServiceImpl;
@@ -39,6 +40,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
 private final JwtAuthenticationEntryPoint unauthorizedHandler;
 
+ private final JwtAccessDeniedHandler accessDeniedHandler;
+
 private final JwtUserDetailsServiceImpl jwtUserDetailsService;
 
 private final ApplicationContext applicationContext;
@@ -49,8 +52,9 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 @Value("${jwt.header}")
 private String tokenHeader;
 
- public SecurityConfig(JwtAuthenticationEntryPoint unauthorizedHandler, JwtUserDetailsServiceImpl jwtUserDetailsService, JwtAuthorizationTokenFilter authenticationTokenFilter, ApplicationContext applicationContext) {
+ public SecurityConfig(JwtAuthenticationEntryPoint unauthorizedHandler, JwtAccessDeniedHandler accessDeniedHandler, JwtUserDetailsServiceImpl jwtUserDetailsService, JwtAuthorizationTokenFilter authenticationTokenFilter, ApplicationContext applicationContext) {
 this.unauthorizedHandler = unauthorizedHandler;
+ this.accessDeniedHandler = accessDeniedHandler;
 this.jwtUserDetailsService = jwtUserDetailsService;
 this.authenticationTokenFilter = authenticationTokenFilter;
 this.applicationContext = applicationContext;
@@ -100,6 +104,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 .csrf().disable()
 // 授权异常
 .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
+ .exceptionHandling().accessDeniedHandler(accessDeniedHandler).and()
 // 不创建会话
 .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
 // 过滤请求
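Review bot: In the last hunk, `.exceptionHandling()` is entered twice in the `HttpSecurity` chain — once for `authenticationEntryPoint` and again on the added line for `accessDeniedHandler`. In Spring Security the second call hands back the configurer already applied, so the result is correct, but the added line reads as if a second handler configuration were being registered; setting both on one configurer is clearer: `.exceptionHandling().authenticationEntryPoint(unauthorizedHandler).accessDeniedHandler(accessDeniedHandler).and()`, dropping the added line. The `configure` method this chain belongs to starts and ends outside the hunk.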
@@ -110,7 +115,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 "/**/*.html",
 "/**/*.css",
 "/**/*.js",
- "/webSocket/**"
+ "/webSocket/**"
 ).anonymous()
 // swagger start
 .antMatchers("/swagger-ui.html").permitAll()
diff --git a/eladmin-system/src/main/java/me/zhengjie/modules/security/security/JwtAccessDeniedHandler.java b/eladmin-system/src/main/java/me/zhengjie/modules/security/security/JwtAccessDeniedHandler.java
new file mode 100644
index 00000000..d510e330
--- /dev/null
+++ b/eladmin-system/src/main/java/me/zhengjie/modules/security/security/JwtAccessDeniedHandler.java
@@ -0,0 +1,19 @@
+package me.zhengjie.modules.security.security;
+
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.web.access.AccessDeniedHandler;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+@Component
+public class JwtAccessDeniedHandler implements AccessDeniedHandler {
+
+ @Override
+ public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException {
+ //当用户在没有授权的情况下访问受保护的REST资源时,将调用此方法发送403 Forbidden响应
+ response.sendError(HttpServletResponse.SC_FORBIDDEN, accessDeniedException.getMessage());
+ }
+}
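Review bot: `handle` answers with `response.sendError(...)`, so a 403 raised inside the Spring Security filter chain now carries the servlet container's (or Boot's `/error`) default body instead of the `ApiError` JSON envelope that the removed `handleAccessDeniedException` in `GlobalExceptionHandler` produced; clients parsing the error envelope will see two formats for the same condition. Consider emitting the same envelope here: `response.setStatus(HttpServletResponse.SC_FORBIDDEN);`, `response.setContentType("application/json;charset=UTF-8");`, then serialising `ApiError.error(HttpServletResponse.SC_FORBIDDEN, accessDeniedException.getMessage())` to `response.getWriter()` with whatever JSON mapper the project already uses. The removed handler also logged the denial; if that record is still wanted for auditing, log the request path and principal here at warn/info level rather than a full stack trace, since a denied request is expected traffic rather than a server error.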