Author: Java耕耘者 (WeChat official account ID: Java耕耘者)
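For client or website development, having every API call return a unified response body makes it possible to design the interface around it, and keeps the code structure clearer and its layers more distinct.
Default exception response
When login or authorization fails with Spring Security OAuth2, the default exception response looks like this: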
{
"error": "unauthorized",
"error_description": "Full authentication is required to access this resource"
}
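This does not match the format of the responses we return elsewhere. To change it, the relevant exception-handling classes have to be overridden. Here I unify the response format of the resource server (the gateway).
Custom exception response
Overriding the handler for invalid tokens
Add AuthExceptionEntryPoint.java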
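    import org.springframework.http.HttpStatus;
    import org.springframework.security.core.AuthenticationException;
    import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
    import org.springframework.security.web.AuthenticationEntryPoint;
    import org.springframework.stereotype.Component;

    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import java.io.IOException;

    // ResultJsonUtil and the Response*Constant classes are the project's own helpers (not shown in this article).
    @Component
    public class AuthExceptionEntryPoint implements AuthenticationEntryPoint {
        @Override
        public void commence(HttpServletRequest request, HttpServletResponse response,
                             AuthenticationException authException) throws ServletException {
            Throwable cause = authException.getCause();
            // The HTTP status is always 200; the failure is signalled only by the codes in the JSON body
            response.setStatus(HttpStatus.OK.value());
            response.setHeader("Content-Type", "application/json;charset=UTF-8");
            try {
                if (cause instanceof InvalidTokenException) {
                    // A token was presented but failed validation
                    response.getWriter().write(ResultJsonUtil.build(
                            ResponseCodeConstant.REQUEST_FAILED,
                            ResponseStatusCodeConstant.OAUTH_TOKEN_FAILURE,
                            ResponseMessageConstant.OAUTH_TOKEN_ILLEGAL));
                } else {
                    // Every other authentication failure is reported as a missing token
                    response.getWriter().write(ResultJsonUtil.build(
                            ResponseCodeConstant.REQUEST_FAILED,
                            ResponseStatusCodeConstant.OAUTH_TOKEN_MISSING,
                            ResponseMessageConstant.OAUTH_TOKEN_MISSING));
                }
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }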
Overriding the handler for insufficient permissions
Add CustomAccessDeniedHandler.java
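    import org.springframework.http.HttpStatus;
    import org.springframework.security.access.AccessDeniedException;
    import org.springframework.security.web.access.AccessDeniedHandler;
    import org.springframework.stereotype.Component;

    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import java.io.IOException;

    @Component("customAccessDeniedHandler")
    public class CustomAccessDeniedHandler implements AccessDeniedHandler {
        @Override
        public void handle(HttpServletRequest request, HttpServletResponse response,
                           AccessDeniedException accessDeniedException)
                throws IOException, ServletException {
            // The HTTP status is always 200; the denial is signalled only by the codes in the JSON body
            response.setStatus(HttpStatus.OK.value());
            response.setHeader("Content-Type", "application/json;charset=UTF-8");
            try {
                response.getWriter().write(ResultJsonUtil.build(
                        ResponseCodeConstant.REQUEST_FAILED,
                        ResponseStatusCodeConstant.OAUTH_TOKEN_DENIED,
                        ResponseMessageConstant.OAUTH_TOKEN_DENIED));
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }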
Registering the exception handlers in the resource configuration class
Modify the resource configuration class ResourceServerConfiguration.java
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources.tokenExtractor(customTokenExtractor);
        // Register the two custom handlers defined above
        resources.authenticationEntryPoint(authExceptionEntryPoint)
                 .accessDeniedHandler(customAccessDeniedHandler);
    }
Testing the custom responses