Spring Boot 2 Security: 403 on insufficient permission
2018-09-19
cifer_pan
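Our company project uses Spring Boot 2 + Spring Security with REST-style APIs. When the caller lacks sufficient permission, Spring Security returns its built-in 403 response: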
{
  "timestamp": "2018-09-19T07:02:17.979+0000",
  "status": 403,
  "error": "Forbidden",
  "message": "Forbidden",
  "path": "/admin/test"
}
This format does not comply with the company's API specification.
It needs to be changed to:
{
  "code": 403,
  "message": "FORBIDDEN",
  "timestamp": 1537340969670
}
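Add a custom handler:
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;

public class RestAuthenticationAccessDeniedHandler implements AccessDeniedHandler {
    @Override
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessDeniedException e) throws IOException, ServletException {
        // Keep the 403 status code; only the response body is customized.
        httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
        // Writes the plain text "403" as the body; emit the JSON format shown above here to meet the specification.
        httpServletResponse.getWriter().println("403");
    }
}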
Register the bean:
@Bean
public AccessDeniedHandler getAccessDeniedHandler() {
    return new RestAuthenticationAccessDeniedHandler();
}
In the configure method of the WebSecurityConfig class, set:
httpSecurity.exceptionHandling().accessDeniedHandler(getAccessDeniedHandler());
Note:
WebSecurityConfig extends WebSecurityConfigurerAdapter.
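
A variant of the handler above that writes the JSON body required by the interface specification (code, message, epoch-millisecond timestamp). This is an added example, not the author's code; the class name JsonAccessDeniedHandler is hypothetical, and it assumes Jackson's ObjectMapper is on the classpath.

```java
import java.io.IOException;
import java.util.LinkedHashMap;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;

// Hypothetical class name; drop-in alternative to RestAuthenticationAccessDeniedHandler.
public class JsonAccessDeniedHandler implements AccessDeniedHandler {

    private final ObjectMapper mapper = new ObjectMapper();

    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response,
                       AccessDeniedException e) throws IOException {
        // Status and headers cannot be changed once the response is committed.
        if (response.isCommitted()) {
            return;
        }
        // Fixed body in the target format: code, message, epoch-millis timestamp.
        // The exception text and request path are deliberately not echoed to the client.
        Map<String, Object> body = new LinkedHashMap<>();
        body.put("code", HttpStatus.FORBIDDEN.value());
        body.put("message", HttpStatus.FORBIDDEN.name());
        body.put("timestamp", System.currentTimeMillis());

        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        response.setContentType(MediaType.APPLICATION_JSON_VALUE);
        // Set the encoding before getWriter() so it takes effect.
        response.setCharacterEncoding("UTF-8");
        mapper.writeValue(response.getWriter(), body);
    }
}
```

Return `new JsonAccessDeniedHandler()` from the `getAccessDeniedHandler()` bean method to use it. The handler only runs for authenticated users who lack the required authority; anonymous requests are routed to the AuthenticationEntryPoint instead.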