Spring Security 403 自定义返回消息-蒲公英云

Spring Security 403 自定义返回消息

自定义处理类 CustomAccessDeniedHandler

import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

public class CustomAccessDeniedHandler implements AccessDeniedHandler {

@Override
public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException { 
    response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);
    response.setStatus(HttpStatus.FORBIDDEN.value());
    response.getWriter().write(new ObjectMapper().writeValueAsString(new CustomResponse("Session Invalid", null)));
}
static class CustomResponse { 
    private String message;
    private Object data;
    CustomResponse(String message, Object data) { 
        this.message = message;
        this.data = data;
    }
    public String getMessage() { 
        return message;
    }
    public void setMessage(String message) { 
        this.message = message;
    }
    public Object getData() { 
        return data;
    }
    public void setData(Object data) { 
        this.data = data;
    }
}

}

在Spring Security 配置中添加配置

import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.access.AccessDeniedHandler;

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

@Override
protected void configure(HttpSecurity http) throws Exception { 
    http.authorizeRequests()
            .antMatchers("/",
                    "/index.html",
                    "/**/favicon.ico",
                    "/login",
                    "/logout",
                    "/index",
                    "/error")
            .permitAll();
    http.authorizeRequests()
            .anyRequest()
            .authenticated()
            .and()
            .exceptionHandling().accessDeniedHandler(accessDeniedHandler());
}
@Bean
public AccessDeniedHandler accessDeniedHandler() { 
    return new CustomAccessDeniedHandler();
}