| 提交 | 用户 | 时间 | ||
| e7c126 | 1 | package com.iailab.framework.security.core.handler; |
| H | 2 | |
| 3 | import com.iailab.framework.common.exception.enums.GlobalErrorCodeConstants; | |
| 4 | import com.iailab.framework.common.pojo.CommonResult; | |
| 5 | import com.iailab.framework.security.core.util.SecurityFrameworkUtils; | |
| 6 | import com.iailab.framework.common.util.servlet.ServletUtils; | |
| 7 | import lombok.extern.slf4j.Slf4j; | |
| 8 | import org.springframework.security.access.AccessDeniedException; | |
| 9 | import org.springframework.security.web.access.AccessDeniedHandler; | |
| 10 | import org.springframework.security.web.access.ExceptionTranslationFilter; | |
| 11 | import org.springframework.stereotype.Component; | |
| 12 | ||
| 13 | import javax.servlet.FilterChain; | |
| 14 | import javax.servlet.ServletException; | |
| 15 | import javax.servlet.http.HttpServletRequest; | |
| 16 | import javax.servlet.http.HttpServletResponse; | |
| 17 | import java.io.IOException; | |
| 18 | ||
| 19 | import static com.iailab.framework.common.exception.enums.GlobalErrorCodeConstants.FORBIDDEN; | |
| 20 | import static com.iailab.framework.common.exception.enums.GlobalErrorCodeConstants.UNAUTHORIZED; | |
| 21 | ||
| 22 | /** | |
| 23 | * 访问一个需要认证的 URL 资源,已经认证(登录)但是没有权限的情况下,返回 {@link GlobalErrorCodeConstants#FORBIDDEN} 错误码。 | |
| 24 | * | |
| 25 | * 补充:Spring Security 通过 {@link ExceptionTranslationFilter#handleAccessDeniedException(HttpServletRequest, HttpServletResponse, FilterChain, AccessDeniedException)} 方法,调用当前类 | |
| 26 | * | |
| 27 | * @author iailab | |
| 28 | */ | |
| 29 | @Slf4j | |
| 30 | @SuppressWarnings("JavadocReference") | |
| 31 | public class AccessDeniedHandlerImpl implements AccessDeniedHandler { | |
| 32 | ||
| 33 | @Override | |
| 34 | public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException e) | |
| 35 | throws IOException, ServletException { | |
| 36 | // 打印 warn 的原因是,不定期合并 warn,看看有没恶意破坏 | |
| 37 | log.warn("[commence][访问 URL({}) 时,用户({}) 权限不够]", request.getRequestURI(), | |
| 38 | SecurityFrameworkUtils.getLoginUserId(), e); | |
| 39 | // 返回 403 | |
| 40 | ServletUtils.writeJSON(response, CommonResult.error(FORBIDDEN)); | |
| 41 | } | |
| 42 | ||
| 43 | } | |
