feat: 添加权限不足、未登录、注销的处理逻辑

cadecode · cadecode · commit 98c6c85db1ff · 2021-12-11T22:06:28.000+08:00
diff --git a/simple-framework/src/main/java/top/cadecode/framework/config/SecurityConfig.java b/simple-framework/src/main/java/top/cadecode/framework/config/SecurityConfig.java
@@ -55,7 +55,7 @@ protected void configure(HttpSecurity http) throws Exception {
                 .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
         http.authorizeRequests()
                 .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
-                .anyRequest().permitAll()
+                .anyRequest().authenticated()
                 .and()
                 .formLogin().permitAll()
                 .loginProcessingUrl(LOGIN_URL)
@@ -64,7 +64,11 @@ protected void configure(HttpSecurity http) throws Exception {
                 .and()
                 .logout().permitAll()
                 .logoutUrl(LOGOUT_URL)
-                .logoutSuccessHandler(signOutSuccessHandler);
+                .logoutSuccessHandler(signOutSuccessHandler)
+                .and()
+                .exceptionHandling()
+                .authenticationEntryPoint(noAuthenticationHandler)
+                .accessDeniedHandler(noAuthorityHandler);
     }
 
     @Override
diff --git a/simple-framework/src/main/java/top/cadecode/framework/security/NoAuthenticationHandler.java b/simple-framework/src/main/java/top/cadecode/framework/security/NoAuthenticationHandler.java
@@ -0,0 +1,28 @@
+package top.cadecode.framework.security;
+
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.stereotype.Component;
+import top.cadecode.common.core.response.CommonResponse;
+import top.cadecode.common.enums.AuthErrorEnum;
+import top.cadecode.common.util.JsonUtil;
+import top.cadecode.common.util.WebUtil;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * @author Cade Li
+ * @date 2021/12/11
+ * @description 未认证处理器
+ */
+@Component
+public class NoAuthenticationHandler implements AuthenticationEntryPoint {
+    @Override
+    public void commence(HttpServletRequest request, HttpServletResponse response,
+                         AuthenticationException authException) {
+        CommonResponse<Object> commonResponse = CommonResponse.of(AuthErrorEnum.TOKEN_NOT_EXIST)
+                .path(request.getRequestURI());
+        WebUtil.writeJsonToResponse(response, JsonUtil.objToStr(commonResponse));
+    }
+}
diff --git a/simple-framework/src/main/java/top/cadecode/framework/security/NoAuthorityHandler.java b/simple-framework/src/main/java/top/cadecode/framework/security/NoAuthorityHandler.java
@@ -0,0 +1,28 @@
+package top.cadecode.framework.security;
+
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.web.access.AccessDeniedHandler;
+import org.springframework.stereotype.Component;
+import top.cadecode.common.core.response.CommonResponse;
+import top.cadecode.common.enums.AuthErrorEnum;
+import top.cadecode.common.util.JsonUtil;
+import top.cadecode.common.util.WebUtil;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * @author Cade Li
+ * @date 2021/12/11
+ * @description 权限不足处理器
+ */
+@Component
+public class NoAuthorityHandler implements AccessDeniedHandler {
+    @Override
+    public void handle(HttpServletRequest request, HttpServletResponse response,
+                       AccessDeniedException accessDeniedException) {
+        CommonResponse<Object> commonResponse = CommonResponse.of(AuthErrorEnum.TOKEN_NO_AUTHORITY)
+                .path(request.getRequestURI());
+        WebUtil.writeJsonToResponse(response, JsonUtil.objToStr(commonResponse));
+    }
+}
diff --git a/simple-framework/src/main/java/top/cadecode/framework/security/SignOutSuccessHandler.java b/simple-framework/src/main/java/top/cadecode/framework/security/SignOutSuccessHandler.java
@@ -0,0 +1,30 @@
+package top.cadecode.framework.security;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
+import org.springframework.stereotype.Component;
+import top.cadecode.common.core.response.CommonResponse;
+import top.cadecode.common.core.response.ResponseCode;
+import top.cadecode.common.util.JsonUtil;
+import top.cadecode.common.util.WebUtil;
+import top.cadecode.framework.config.SecurityConfig;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * @author Cade Li
+ * @date 2021/12/11
+ * @description 注销成功处理器
+ */
+@Component
+public class SignOutSuccessHandler implements LogoutSuccessHandler {
+
+    @Override
+    public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response,
+                                Authentication authentication) {
+        CommonResponse<Object> commonResponse = CommonResponse.of(ResponseCode.SUCCESS)
+                .path(SecurityConfig.LOGOUT_URL);
+        WebUtil.writeJsonToResponse(response, JsonUtil.objToStr(commonResponse));
+    }
+}
