| | |
|---|
| | | import com.gkhy.safePlatform.commons.vo.ResultVO; |
|---|
| | | import org.slf4j.Logger; |
|---|
| | | import org.slf4j.LoggerFactory; |
|---|
| | | import org.springframework.security.access.AccessDeniedException; |
|---|
| | | import org.springframework.security.core.AuthenticationException; |
|---|
| | | import org.springframework.web.bind.annotation.ControllerAdvice; |
|---|
| | | import org.springframework.web.bind.annotation.ExceptionHandler; |
|---|
| | | import org.springframework.web.bind.annotation.ResponseBody; |
|---|
| | |
|---|
| | | return new ResultVO(e.getError()); |
|---|
| | | } |
|---|
| | | |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * @Description: AuthenticationException |
|---|
| | | */ |
|---|
| | | |
|---|
| | | @ResponseBody |
|---|
| | | @ExceptionHandler(value = AuthenticationException.class) |
|---|
| | | public ResultVO CHandler(AuthenticationException e) { |
|---|
| | | logger.warn(e.getMessage()); |
|---|
| | | return new ResultVO(ResultCodes.CLIENT_PERMISSION_NOT_ALLOW); |
|---|
| | | } |
|---|
| | | |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * @Description: AuthenticationException |
|---|
| | | */ |
|---|
| | | |
|---|
| | | @ResponseBody |
|---|
| | | @ExceptionHandler(value = AccessDeniedException.class) |
|---|
| | | public ResultVO DHandler(AccessDeniedException e) { |
|---|
| | | logger.warn(e.getMessage()); |
|---|
| | | return new ResultVO(ResultCodes.CLIENT_PERMISSION_NOT_ALLOW); |
|---|
| | | |
|---|
| | | } |
|---|
| | | |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * 系统错误异常 |
|---|
| | | */ |
|---|
| | |
|---|
| | | import com.alibaba.fastjson.JSONArray; |
|---|
| | | import com.alibaba.fastjson.JSONObject; |
|---|
| | | import com.gkhy.safePlatform.account.rpc.apimodel.UserAccountService; |
|---|
| | | import com.gkhy.safePlatform.commons.co.CacheAuthority; |
|---|
| | | import com.gkhy.safePlatform.commons.co.CacheUser; |
|---|
| | | import com.gkhy.safePlatform.commons.enums.RedisKeyEnum; |
|---|
| | | import com.gkhy.safePlatform.commons.enums.ResultCodes; |
|---|
| | |
|---|
| | | } catch (BusinessException e) { |
|---|
| | | // 返回异常 |
|---|
| | | this.writeJSON(req, resp, new ResultVO<>(e.getError())); |
|---|
| | | } catch (Exception e) { |
|---|
| | | e.printStackTrace(); |
|---|
| | | this.writeJSON(req, resp, new ResultVO<>(ResultCodes.SERVER_ERROR)); |
|---|
| | | } |
|---|
| | | |
|---|
| | | |
|---|
| | | } |
|---|
| | | |
|---|
| | |
|---|
| | | // 3.redis获取权限 |
|---|
| | | String authoritiesKey = RedisKeyEnum.authKey(RedisKeyEnum.AUTH_AUTHORITIES, userId); |
|---|
| | | String oo = userAccountService.getValueByKeyFromRedis(authoritiesKey); |
|---|
| | | List<GrantedAuthority> authorities; |
|---|
| | | List<GrantedAuthority> authorities = new ArrayList<>(); |
|---|
| | | // 4.redis中是否存在 |
|---|
| | | if (oo != null) { |
|---|
| | | // 5.存在 |
|---|
| | | authorities = JSONArray.parseArray(oo, GrantedAuthority.class); |
|---|
| | | List<CacheAuthority> cacheAuthorities = JSONArray.parseArray(oo, CacheAuthority.class); |
|---|
| | | for (CacheAuthority cacheAuthority: cacheAuthorities) { |
|---|
| | | authorities.add(new SimpleGrantedAuthority(cacheAuthority.getAuthority())); |
|---|
| | | } |
|---|
| | | }else { |
|---|
| | | authorities = new ArrayList<>(); |
|---|
| | | // 6.不存在=>数据库查询 |
|---|
| | | String roleCode = userAccountService.getUserRoleCodeByUserId(userId); |
|---|
| | | // role |
|---|
| | |
|---|
| | | http.headers().cacheControl(); |
|---|
| | | // jwt过滤器 |
|---|
| | | http.addFilterBefore(tokenAuthenticationFilter, UsernamePasswordAuthenticationFilter.class); |
|---|
| | | // 没有登录,没有权限 => 自定义返回 |
|---|
| | | http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint).accessDeniedHandler(accessDeniedHandler); |
|---|
| | | // 请求认证访问 |
|---|
| | | http.authorizeRequests().anyRequest().authenticated(); |
|---|
| | | // 允许跨域访问 |
|---|
