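I configured a custom failure handler class and a JWT filter in the configure method of SecurityConfig.java.
During user authentication, a token error should have been routed to my custom exception handler class, but it never got there.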
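It was probably intercepted directly by UsernamePasswordAuthenticationFilter. Check the error returned to the front end; it should be a 403, so you can just add an error message on the front end.
To intercept it on the back end, it should be written like this: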
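
    // Inside SecurityConfig.configure(HttpSecurity http)
    http.csrf().disable()
        .exceptionHandling()
            .authenticationEntryPoint(new CustomAuthenticationEntryPoint())
            .accessDeniedHandler(new CustomAccessDenyHandler());

    // Imports for the two handler classes. JSONObject is assumed to be fastjson's;
    // ResponseDTO is the application's own class.
    import java.io.IOException;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import org.springframework.security.access.AccessDeniedException;
    import org.springframework.security.core.AuthenticationException;
    import org.springframework.security.web.AuthenticationEntryPoint;
    import org.springframework.security.web.access.AccessDeniedHandler;
    import com.alibaba.fastjson.JSONObject;

    // Called when an authenticated user lacks permission for the resource.
    public class CustomAccessDenyHandler implements AccessDeniedHandler {
        @Override
        public void handle(HttpServletRequest request, HttpServletResponse response,
                AccessDeniedException accessDeniedException) throws IOException, ServletException {
            response.setCharacterEncoding("utf-8");
            response.setContentType("application/json;charset=utf-8"); // the body is JSON
            // Message: "You cannot access this page"
            response.getWriter().print(JSONObject.toJSONString(new ResponseDTO(994, "您不能访问当前页面")));
        }
    }

    // Called when an unauthenticated request reaches a protected resource.
    public class CustomAuthenticationEntryPoint implements AuthenticationEntryPoint {
        @Override
        public void commence(HttpServletRequest request, HttpServletResponse response,
                AuthenticationException authException) throws IOException, ServletException {
            response.setCharacterEncoding("utf-8");
            response.setContentType("application/json;charset=utf-8"); // the body is JSON
            // Message: "Login timed out, please re-enter this page"
            response.getWriter().print(JSONObject.toJSONString(new ResponseDTO(994, "登录超时,请重新进入此页面")));
        }
    }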
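
An added example, not part of the original question or answer: ExceptionTranslationFilter only passes exceptions from filters that run after it to the configured entry point, so a JWT filter registered earlier in the chain has to call the entry point itself when the token is rejected. `JwtAuthenticationFilter` and `TokenVerifier` are hypothetical names, and the `Bearer` header format is an assumption.

```java
import java.io.IOException;
import java.util.Collections;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.web.filter.OncePerRequestFilter;

// Added example; JwtAuthenticationFilter and TokenVerifier are hypothetical names.
public class JwtAuthenticationFilter extends OncePerRequestFilter {

    /** Hypothetical hook: returns the user name, or throws if the token is invalid or expired. */
    public interface TokenVerifier {
        String verify(String token) throws AuthenticationException;
    }

    private final TokenVerifier verifier;
    private final AuthenticationEntryPoint entryPoint;

    public JwtAuthenticationFilter(TokenVerifier verifier, AuthenticationEntryPoint entryPoint) {
        this.verifier = verifier;
        this.entryPoint = entryPoint;
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
            FilterChain chain) throws ServletException, IOException {
        String header = request.getHeader("Authorization");
        if (header == null || !header.startsWith("Bearer ")) {
            chain.doFilter(request, response); // no token: later filters and access rules decide
            return;
        }
        try {
            String user = verifier.verify(header.substring(7));
            SecurityContextHolder.getContext().setAuthentication(
                new UsernamePasswordAuthenticationToken(user, null, Collections.emptyList()));
        } catch (AuthenticationException ex) {
            // Fail closed: drop any partial state and answer through the entry point.
            SecurityContextHolder.clearContext();
            entryPoint.commence(request, response, ex);
            return; // never continue the chain with a rejected token
        }
        chain.doFilter(request, response);
    }
}
```

Register it with `http.addFilterBefore(new JwtAuthenticationFilter(verifier, new CustomAuthenticationEntryPoint()), UsernamePasswordAuthenticationFilter.class)`, passing the same entry point class used in `exceptionHandling()` so both paths return the same JSON error.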