diff --git a/src/main/java/com/youlai/boot/framework/security/filter/TokenAuthenticationFilter.java b/src/main/java/com/youlai/boot/framework/security/filter/TokenAuthenticationFilter.java
index 74fb6fbf..d2514c12 100644
--- a/src/main/java/com/youlai/boot/framework/security/filter/TokenAuthenticationFilter.java
+++ b/src/main/java/com/youlai/boot/framework/security/filter/TokenAuthenticationFilter.java
@@ -67,23 +67,14 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
 } /** - * 从请求中解析 Token - * 优先从 Authorization Header 获取,其次从 URL 参数获取(支持 SSE) + * 从请求中解析 Token(仅支持 Authorization Header) */ private String resolveToken(HttpServletRequest request) { - // 1. 从 Authorization Header 获取 String authorizationHeader = request.getHeader(HttpHeaders.AUTHORIZATION); if (StrUtil.isNotBlank(authorizationHeader) && authorizationHeader.startsWith(SecurityConstants.BEARER_TOKEN_PREFIX)) { return authorizationHeader.substring(SecurityConstants.BEARER_TOKEN_PREFIX.length()); } - - // 2. 从 URL 参数获取(支持 SSE EventSource) - String tokenParam = request.getParameter("token"); - if (StrUtil.isNotBlank(tokenParam)) { - return tokenParam; - } - return null; } }
diff --git a/src/main/java/com/youlai/boot/framework/web/advice/GlobalExceptionHandler.java b/src/main/java/com/youlai/boot/framework/web/advice/GlobalExceptionHandler.java
index c6f61151..fb0e25d6 100644
--- a/src/main/java/com/youlai/boot/framework/web/advice/GlobalExceptionHandler.java
+++ b/src/main/java/com/youlai/boot/framework/web/advice/GlobalExceptionHandler.java
@@ -46,7 +46,7 @@ public class GlobalExceptionHandler {
 * 当请求参数绑定到对象时发生错误,会抛出 BindException 异常。
 */
 @ExceptionHandler(BindException.class)
- @ResponseStatus(HttpStatus.BAD_REQUEST)
+ @ResponseStatus(HttpStatus.OK)
 public Result processException(BindException e) {
 log.error("BindException:{}", e.getMessage());
 String msg = e.getAllErrors().stream().map(DefaultMessageSourceResolvable::getDefaultMessage).collect(Collectors.joining(";"));
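Review bot: The new Javadoc on `resolveToken` states that only the Authorization header is accepted but not why, and the removed comment shows the `token` parameter existed for SSE `EventSource` clients, which cannot set request headers. I would record the reason in the Javadoc so the fallback is not reintroduced later, e.g. `* Query-string tokens are not accepted: URLs are recorded in access logs, browser history and Referer headers.` Any SSE endpoint that relied on the parameter now needs a client that can send the header; that is inferred, since those endpoints are not visible in this diff, but they should not be exempted from authentication to compensate. Separately, a header consisting of the bare prefix makes `substring(...)` return an empty string rather than `null`; the caller is outside the hunk, so confirm it treats a blank token as absent.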
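Review bot: Answering a validation failure with `@ResponseStatus(HttpStatus.OK)` on the `BindException` handler makes a rejected request indistinguishable from a successful one for anything that works on status codes: gateway or WAF rules, access-log alerting on bursts of 4xx, rate limiting of input probing, and HTTP clients that do not parse the `Result` body. The same substitution is made in the hunks at -60, -74, -99, -111, -123, -135, -147, -159, -176 and -230. If the front end requires 200 here, I would state that on the class, e.g. `// Validation and business errors are returned as HTTP 200; the outcome is carried in the Result body only`, and make sure monitoring counts these failures from the application log instead; otherwise keep `HttpStatus.BAD_REQUEST`. These handlers also log client input errors with `log.error`, where `log.warn` would keep request noise out of the error stream.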
@@ -60,7 +60,7 @@ public class GlobalExceptionHandler {
 * 会捕获到 ConstraintViolationException 异常。
 */
 @ExceptionHandler(ConstraintViolationException.class)
- @ResponseStatus(HttpStatus.BAD_REQUEST)
+ @ResponseStatus(HttpStatus.OK)
 public Result processException(ConstraintViolationException e) {
 log.error("ConstraintViolationException:{}", e.getMessage());
 String msg = e.getConstraintViolations().stream().map(ConstraintViolation::getMessage).collect(Collectors.joining(";"));
@@ -74,7 +74,7 @@ public class GlobalExceptionHandler {
 * 会抛出 MethodArgumentNotValidException 异常。
 */
 @ExceptionHandler(MethodArgumentNotValidException.class)
- @ResponseStatus(HttpStatus.BAD_REQUEST)
+ @ResponseStatus(HttpStatus.OK)
 public Result processException(MethodArgumentNotValidException e) {
 log.error("MethodArgumentNotValidException:{}", e.getMessage());
 String msg = e.getBindingResult().getAllErrors().stream().map(DefaultMessageSourceResolvable::getDefaultMessage).collect(Collectors.joining(";"));
@@ -99,7 +99,7 @@ public class GlobalExceptionHandler {
 * 当请求缺少必需的参数时,会抛出 MissingServletRequestParameterException 异常。
 */
 @ExceptionHandler(MissingServletRequestParameterException.class)
- @ResponseStatus(HttpStatus.BAD_REQUEST)
+ @ResponseStatus(HttpStatus.OK)
 public Result processException(MissingServletRequestParameterException e) {
 log.error(e.getMessage(), e);
 return Result.failed(ResultCode.REQUEST_REQUIRED_PARAMETER_IS_EMPTY);
@@ -111,7 +111,7 @@ public class GlobalExceptionHandler {
 * 当请求参数类型不匹配时,会抛出 MethodArgumentTypeMismatchException 异常。
 */
 @ExceptionHandler(MethodArgumentTypeMismatchException.class)
- @ResponseStatus(HttpStatus.BAD_REQUEST)
+ @ResponseStatus(HttpStatus.OK)
 public Result processException(MethodArgumentTypeMismatchException e) {
 log.error(e.getMessage(), e);
 return Result.failed(ResultCode.PARAMETER_FORMAT_MISMATCH, "类型错误");
@@ -123,7 +123,7 @@ public class GlobalExceptionHandler {
 * 当 Servlet 处理请求时发生异常时,会抛出 ServletException 异常。
 */
 @ExceptionHandler(ServletException.class)
- @ResponseStatus(HttpStatus.BAD_REQUEST)
+ @ResponseStatus(HttpStatus.OK)
 public Result processException(ServletException e) {
 log.error(e.getMessage(), e);
 return Result.failed(e.getMessage());
@@ -135,7 +135,7 @@ public class GlobalExceptionHandler {
 * 当方法接收到非法参数时,会抛出 IllegalArgumentException 异常。
 */
 @ExceptionHandler(IllegalArgumentException.class)
- @ResponseStatus(HttpStatus.BAD_REQUEST)
+ @ResponseStatus(HttpStatus.OK)
 public Result handleIllegalArgumentException(IllegalArgumentException e) {
 log.error("非法参数异常,异常原因:{}", e.getMessage(), e);
 return Result.failed(e.getMessage());
@@ -147,7 +147,7 @@ public class GlobalExceptionHandler {
 * 当处理 JSON 数据时发生错误,会抛出 JacksonException 异常。
 */
 @ExceptionHandler(JacksonException.class)
- @ResponseStatus(HttpStatus.BAD_REQUEST)
+ @ResponseStatus(HttpStatus.OK)
 public Result handleJacksonException(JacksonException e) {
 log.error("Json转换异常,异常原因:{}", e.getMessage(), e);
 return Result.failed(e.getMessage());
@@ -159,7 +159,7 @@ public class GlobalExceptionHandler {
 * 当请求体不可读时,会抛出 HttpMessageNotReadableException 异常。
 */
 @ExceptionHandler(HttpMessageNotReadableException.class)
- @ResponseStatus(HttpStatus.BAD_REQUEST)
+ @ResponseStatus(HttpStatus.OK)
 public Result processException(HttpMessageNotReadableException e) {
 log.error(e.getMessage(), e);
 String errorMessage = "请求体不可为空";
@@ -176,7 +176,7 @@ public class GlobalExceptionHandler {
 * 当方法参数类型不匹配时,会抛出 TypeMismatchException 异常。
 */
 @ExceptionHandler(TypeMismatchException.class)
- @ResponseStatus(HttpStatus.BAD_REQUEST)
+ @ResponseStatus(HttpStatus.OK)
 public Result processException(TypeMismatchException e) {
 log.error(e.getMessage(), e);
 return Result.failed(e.getMessage());
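Review bot: The `ServletException` handler in the hunk at -123 still ends with `return Result.failed(e.getMessage());`, so the raw exception text is sent to the caller, and the same line closes the `IllegalArgumentException` (-135), `JacksonException` (-147) and `TypeMismatchException` (-176) handlers. Messages from these exception types commonly carry class names, field paths or fragments of the rejected input, which is more than an API client needs; I would keep the detail in the existing log call and return a fixed code, for example `return Result.failed(ResultCode.PARAMETER_FORMAT_MISMATCH);` as the `MethodArgumentTypeMismatchException` handler already does. `handleBadSqlGrammarException` (hunk at -188) assigns `String errorMsg = e.getMessage();` and continues outside its hunk; if that string reaches the response it would likely expose SQL text and table names, so it should return `Result.failed(ResultCode.DATABASE_EXECUTION_SYNTAX_ERROR)` like the `SQLSyntaxErrorException` handler below it.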
@@ -188,7 +188,7 @@ public class GlobalExceptionHandler {
 * 当 SQL 语法错误时,会抛出 BadSqlGrammarException 异常。
 */
 @ExceptionHandler(BadSqlGrammarException.class)
- @ResponseStatus(HttpStatus.FORBIDDEN)
+ @ResponseStatus(HttpStatus.INTERNAL_SERVER_ERROR)
 public Result handleBadSqlGrammarException(BadSqlGrammarException e) {
 log.error(e.getMessage(), e);
 String errorMsg = e.getMessage();
@@ -205,7 +205,7 @@ public class GlobalExceptionHandler {
 * 当 SQL 语法错误时,会抛出 SQLSyntaxErrorException 异常。
 */
 @ExceptionHandler(SQLSyntaxErrorException.class)
- @ResponseStatus(HttpStatus.FORBIDDEN)
+ @ResponseStatus(HttpStatus.INTERNAL_SERVER_ERROR)
 public Result processSQLSyntaxErrorException(SQLSyntaxErrorException e) {
 log.error(e.getMessage(), e);
 return Result.failed(ResultCode.DATABASE_EXECUTION_SYNTAX_ERROR);
@@ -218,7 +218,7 @@ public class GlobalExceptionHandler {
 * 当 SQL 违反了完整性约束时,会抛出 SQLIntegrityConstraintViolationException 异常。
 */
 @ExceptionHandler(SQLIntegrityConstraintViolationException.class)
- @ResponseStatus(HttpStatus.FORBIDDEN)
+ @ResponseStatus(HttpStatus.INTERNAL_SERVER_ERROR)
 public Result handleSQLIntegrityConstraintViolationException(SQLIntegrityConstraintViolationException e) {
 log.error(e.getMessage(), e);
 return Result.failed(ResultCode.INTEGRITY_CONSTRAINT_VIOLATION);
@@ -230,7 +230,7 @@ public class GlobalExceptionHandler {
 * 当业务逻辑发生错误时,会抛出 BusinessException 异常。
 */
 @ExceptionHandler(BusinessException.class)
- @ResponseStatus(HttpStatus.BAD_REQUEST)
+ @ResponseStatus(HttpStatus.OK)
 public Result handleBizException(BusinessException e) {
 log.error("biz exception", e);
 if (e.getResultCode() != null) {
@@ -245,7 +245,7 @@ public class GlobalExceptionHandler {
 * 当发生未捕获的异常时,会抛出 Exception 异常。
 */
 @ExceptionHandler(Exception.class)
- @ResponseStatus(HttpStatus.BAD_REQUEST)
+ @ResponseStatus(HttpStatus.INTERNAL_SERVER_ERROR)
 public Result handleException(Exception e) throws Exception {
 // 将 Spring Security 异常继续抛出,以便交给自定义处理器处理
 if (e instanceof AccessDeniedException