refactor: 优化响应状态码映射，权限不足时返回403 Forbidden

2026-03-24 10:57:05 +08:00
parent c71becea68
commit 8f5c1fc8e4
2 changed files with 12 additions and 7 deletions
--- a/src/main/java/com/youlai/boot/common/result/ResponseWriter.java
+++ b/src/main/java/com/youlai/boot/common/result/ResponseWriter.java
@@ -103,6 +103,9 @@ public final class ResponseWriter {

    /**
     * 根据业务结果码映射HTTP状态码
+     * 401: 未认证（token无效/过期）
+     * 403: 权限不足
+     * 400: 其他业务错误
     *
     * @param resultCode 业务结果码
     * @return HTTP状态码
@@ -112,6 +115,7 @@ public final class ResponseWriter {
            case ACCESS_UNAUTHORIZED,
                 ACCESS_TOKEN_INVALID,
                 REFRESH_TOKEN_INVALID -> HttpStatus.UNAUTHORIZED.value();
+            case ACCESS_PERMISSION_EXCEPTION -> HttpStatus.FORBIDDEN.value();
            default -> HttpStatus.BAD_REQUEST.value();
        };
    }
--- a/src/main/java/com/youlai/boot/framework/security/handler/MyAccessDeniedHandler.java
+++ b/src/main/java/com/youlai/boot/framework/security/handler/MyAccessDeniedHandler.java
@@ -18,7 +18,8 @@ public class MyAccessDeniedHandler implements AccessDeniedHandler {

    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) {
-        ResponseWriter.writeError(response, ResultCode.ACCESS_UNAUTHORIZED);
+        // 权限不足返回 403 Forbidden
+        ResponseWriter.writeError(response, ResultCode.ACCESS_PERMISSION_EXCEPTION);
    }

 }