tongtong/youlai-boot
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: 完善因缺失 Token 而认证失败响应的处理

Browse Source
This commit is contained in:
Ray.Hao
2025-02-25 00:07:17 +08:00
parent 5239be5514
commit 7f4ec50cef
1 changed files with 22 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
src/main/java/com/youlai/boot/core/security/exception/MyAuthenticationEntryPoint.java
View File

@@ -3,10 +3,9 @@ package com.youlai.boot.core.security.exception;
import com.youlai.boot.common.result.ResultCode; import com.youlai.boot.common.result.ResultCode;
import com.youlai.boot.common.util.ResponseUtils; import com.youlai.boot.common.util.ResponseUtils;
import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.AuthenticationEntryPoint; import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.stereotype.Component;
import jakarta.servlet.ServletException; import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletRequest;
@@ -15,26 +14,35 @@ import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException; import java.io.IOException;
/** /**
* 未认证异常处理器 * 统一处理 Spring Security 认证失败响应
* *
* @author Ray.Hao * @author Ray.Hao
* @since 2.0.0 * @since 2.0.0
*/ */
public class MyAuthenticationEntryPoint implements AuthenticationEntryPoint { public class MyAuthenticationEntryPoint implements AuthenticationEntryPoint {
/**
* 认证失败处理入口方法
*
* @param request 触发异常的请求对象(可用于获取请求头、参数等)
* @param response 响应对象(用于写入错误信息)
* @param authException 认证异常对象(包含具体失败原因)
*/
@Override @Override
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException { public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
int status = response.getStatus(); if (authException instanceof BadCredentialsException) {
if (status == HttpServletResponse.SC_NOT_FOUND) { // 用户名或密码错误
// 资源不存在 ResponseUtils.writeErrMsg(response, ResultCode.USER_PASSWORD_ERROR, authException.getMessage());
ResponseUtils.writeErrMsg(response, ResultCode.USER_RESOURCE_NOT_FOUND); } else if(authException instanceof InsufficientAuthenticationException){
// 请求头缺失Authorization、Token格式错误、Token过期、签名验证失败
ResponseUtils.writeErrMsg(response, ResultCode.ACCESS_TOKEN_INVALID);
} else { } else {
if (authException instanceof BadCredentialsException) { // 其他未明确处理的认证异常(如账户被锁定、账户禁用等)
// 用户名或密码错误 ResponseUtils.writeErrMsg(response, ResultCode.USER_LOGIN_EXCEPTION, authException.getMessage());
ResponseUtils.writeErrMsg(response, ResultCode.USER_PASSWORD_ERROR, authException.getMessage());
} else {
// 登录异常
ResponseUtils.writeErrMsg(response, ResultCode.USER_LOGIN_EXCEPTION, authException.getMessage());
}
} }
} }
} }