From 8f5c1fc8e4363cae43459acf784b5839acbebef7 Mon Sep 17 00:00:00 2001 From: "Ray.Hao" <1490493387@qq.com> Date: Tue, 24 Mar 2026 10:57:05 +0800 Subject: [PATCH] =?UTF-8?q?refactor:=20=E4=BC=98=E5=8C=96=E5=93=8D?= =?UTF-8?q?=E5=BA=94=E7=8A=B6=E6=80=81=E7=A0=81=E6=98=A0=E5=B0=84=EF=BC=8C?= =?UTF-8?q?=E6=9D=83=E9=99=90=E4=B8=8D=E8=B6=B3=E6=97=B6=E8=BF=94=E5=9B=9E?= =?UTF-8?q?403=20Forbidden?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../boot/common/result/ResponseWriter.java | 16 ++++++++++------ .../security/handler/MyAccessDeniedHandler.java | 3 ++- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/src/main/java/com/youlai/boot/common/result/ResponseWriter.java b/src/main/java/com/youlai/boot/common/result/ResponseWriter.java index 2bec9994..9b033990 100644 --- a/src/main/java/com/youlai/boot/common/result/ResponseWriter.java +++ b/src/main/java/com/youlai/boot/common/result/ResponseWriter.java @@ -69,7 +69,7 @@ public final class ResponseWriter { Result result = message == null ? Result.failed(resultCode) : Result.failed(resultCode, message); - + int httpStatus = mapHttpStatus(resultCode); writeResult(response, result, httpStatus); } @@ -85,11 +85,11 @@ public final class ResponseWriter { try { // 设置HTTP状态码 response.setStatus(httpStatus); - + // 设置响应编码和内容类型 response.setCharacterEncoding(StandardCharsets.UTF_8.toString()); response.setContentType(MediaType.APPLICATION_JSON_VALUE); - + // 写入响应 JakartaServletUtil.write(response, JSONUtil.toJsonStr(result), @@ -103,6 +103,9 @@ public final class ResponseWriter { /** * 根据业务结果码映射HTTP状态码 + * 401: 未认证(token无效/过期) + * 403: 权限不足 + * 400: 其他业务错误 * * @param resultCode 业务结果码 * @return HTTP状态码 
@@ -110,9 +113,10 @@ public final class ResponseWriter { private static int mapHttpStatus(ResultCode resultCode) { return switch (resultCode) { case ACCESS_UNAUTHORIZED, - ACCESS_TOKEN_INVALID, - REFRESH_TOKEN_INVALID -> HttpStatus.UNAUTHORIZED.value(); + ACCESS_TOKEN_INVALID, + REFRESH_TOKEN_INVALID -> HttpStatus.UNAUTHORIZED.value(); + case ACCESS_PERMISSION_EXCEPTION -> HttpStatus.FORBIDDEN.value(); default -> HttpStatus.BAD_REQUEST.value(); }; } -} \ No newline at end of file +} diff --git a/src/main/java/com/youlai/boot/framework/security/handler/MyAccessDeniedHandler.java b/src/main/java/com/youlai/boot/framework/security/handler/MyAccessDeniedHandler.java index 6da8be19..712cc0a4 100644 --- a/src/main/java/com/youlai/boot/framework/security/handler/MyAccessDeniedHandler.java +++ b/src/main/java/com/youlai/boot/framework/security/handler/MyAccessDeniedHandler.java @@ -18,7 +18,8 @@ public class MyAccessDeniedHandler implements AccessDeniedHandler { @Override public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) { - ResponseWriter.writeError(response, ResultCode.ACCESS_UNAUTHORIZED); + // 权限不足返回 403 Forbidden + ResponseWriter.writeError(response, ResultCode.ACCESS_PERMISSION_EXCEPTION); } }
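Review bot: The `default -> HttpStatus.BAD_REQUEST.value()` arm in `mapHttpStatus` reports every result code that is not listed explicitly as 400, so an authentication or authorization code added later will silently get the wrong status unless this switch is updated as well. The other `ResultCode` constants are not visible in this patch, so it is worth checking whether any existing token- or permission-related codes belong in the 401 or 403 arms. Clients commonly branch on the status (re-authenticate on 401, show a "forbidden" view on 403), so a wrong mapping changes their behaviour. I would add a why-comment above the default arm, for example `// any new auth/authz ResultCode needs its own arm above; everything else is reported as 400`, and a small test that pins the 401, 403 and 400 mappings.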
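Review bot: `handle` in `MyAccessDeniedHandler` still ignores both `request` and `accessDeniedException`, so a denied request leaves no server-side trace. Repeated 403s from one principal are a useful signal for spotting authorization probing, and Spring Security also routes CSRF token failures through this handler, so recording the exception type helps tell the two apart. The class header is outside the hunk, so I cannot see whether a logger is available; if one is, a line such as `log.warn("Access denied: uri={}, cause={}", request.getRequestURI(), accessDeniedException.getClass().getSimpleName());` before the `writeError` call would do. Keep the exception detail in the log only, and leave the response body as the generic `ACCESS_PERMISSION_EXCEPTION` message.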