From 7f4ec50cefca96ad37936239449d4dd3ef839161 Mon Sep 17 00:00:00 2001
From: "Ray.Hao" <1490493387@qq.com>
Date: Tue, 25 Feb 2025 00:07:17 +0800
Subject: [PATCH] =?UTF-8?q?refactor:=20=E5=AE=8C=E5=96=84=E5=9B=A0?= =?UTF-8?q?=E7=BC=BA=E5=A4=B1=20Token=20=E8=80=8C=E8=AE=A4=E8=AF=81?= =?UTF-8?q?=E5=A4=B1=E8=B4=A5=E5=93=8D=E5=BA=94=E7=9A=84=E5=A4=84=E7=90=86?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../exception/MyAuthenticationEntryPoint.java | 36 +++++++++++--------
 1 file changed, 22 insertions(+), 14 deletions(-)
diff --git a/src/main/java/com/youlai/boot/core/security/exception/MyAuthenticationEntryPoint.java b/src/main/java/com/youlai/boot/core/security/exception/MyAuthenticationEntryPoint.java
index 11efd9df..65c50929 100644
--- a/src/main/java/com/youlai/boot/core/security/exception/MyAuthenticationEntryPoint.java
+++ b/src/main/java/com/youlai/boot/core/security/exception/MyAuthenticationEntryPoint.java
@@ -3,10 +3,9 @@ package com.youlai.boot.core.security.exception;
 import com.youlai.boot.common.result.ResultCode;
 import com.youlai.boot.common.util.ResponseUtils;
 import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.InsufficientAuthenticationException;
 import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.web.AuthenticationEntryPoint;
-import org.springframework.stereotype.Component;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
@@ -15,26 +14,35 @@ import jakarta.servlet.http.HttpServletResponse;
 import java.io.IOException;
 /**
- * 未认证异常处理器
+ * 统一处理 Spring Security 认证失败响应
 *
 * @author Ray.Hao
 * @since 2.0.0
 */
 public class MyAuthenticationEntryPoint implements AuthenticationEntryPoint {
+
+ /**
+ * 认证失败处理入口方法
+ *
+ * @param request 触发异常的请求对象(可用于获取请求头、参数等)
+ * @param response 响应对象(用于写入错误信息)
+ * @param authException 认证异常对象(包含具体失败原因)
+ */
 @Override
 public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
- int status = response.getStatus();
- if (status == HttpServletResponse.SC_NOT_FOUND) {
- // 资源不存在
- ResponseUtils.writeErrMsg(response, ResultCode.USER_RESOURCE_NOT_FOUND);
+ if (authException instanceof BadCredentialsException) {
+ // 用户名或密码错误
+ ResponseUtils.writeErrMsg(response, ResultCode.USER_PASSWORD_ERROR, authException.getMessage());
+ } else if(authException instanceof InsufficientAuthenticationException){
+ // 请求头缺失Authorization、Token格式错误、Token过期、签名验证失败
+ ResponseUtils.writeErrMsg(response, ResultCode.ACCESS_TOKEN_INVALID);
 } else {
- if (authException instanceof BadCredentialsException) {
- // 用户名或密码错误
- ResponseUtils.writeErrMsg(response, ResultCode.USER_PASSWORD_ERROR, authException.getMessage());
- } else {
- // 登录异常
- ResponseUtils.writeErrMsg(response, ResultCode.USER_LOGIN_EXCEPTION, authException.getMessage());
- }
+ // 其他未明确处理的认证异常(如账户被锁定、账户禁用等)
+ ResponseUtils.writeErrMsg(response, ResultCode.USER_LOGIN_EXCEPTION, authException.getMessage());
 }
 }
 }
+
+
+
+
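Review bot: The final `else` branch of `commence` still writes `authException.getMessage()` into the response, and its new comment says this branch covers locked and disabled accounts, so an unauthenticated caller can tell those account states apart from a wrong password, which is the usual account-enumeration signal. Consider a fixed message there, as the `ACCESS_TOKEN_INVALID` branch already does, `ResponseUtils.writeErrMsg(response, ResultCode.USER_LOGIN_EXCEPTION);`, and log the exception detail on the server instead. The comment on the `InsufficientAuthenticationException` branch also lists expired tokens and signature failures. Spring Security raises that exception when an unauthenticated request is denied access, so whether token validation errors actually reach this branch depends on the token filter, which is not visible in this hunk and should be checked. A token error that arrives as any other exception type would fall into the final `else` and be reported as a login exception with its raw message.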