From d6b443c754cd501892e0d2f9f55c20f8e198993d Mon Sep 17 00:00:00 2001
From: Saturneric
Date: Tue, 17 Mar 2020 19:39:37 +0800
Subject: [PATCH] =?UTF-8?q?=E9=94=99=E8=AF=AF=E7=AE=A1=E7=90=86=E5=AD=90?= =?UTF-8?q?=E7=B3=BB=E7=BB=9F=E8=B0=83=E6=95=B4;=E5=AE=8C=E5=96=84?= =?UTF-8?q?=E7=99=BB=E5=BD=95=E6=A3=80=E6=9F=A5=E6=B5=81=E7=A8=8B;?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../json/respond/ErrorInfoJSONRespond.java | 12 +++++++
.../ASEAuthenticationEntryPoint.java | 3 +-
.../ASEAuthenticationFailureHandler.java | 14 +++++++-
.../ASESecurityAuthenticationProvider.java | 4 +--
...EUsernamePasswordAuthenticationFilter.java | 20 +++++++----
.../ase/controller/ASEControllerAdvice.java | 20 +++++++----
.../ase/controller/ASEErrorController.java | 35 ++++++++++++++++++-
.../ase/service/ASEUserDetailsService.java | 15 +++++---
8 files changed, 101 insertions(+), 22 deletions(-)
create mode 100644 src/main/java/com/codesdream/ase/component/json/respond/ErrorInfoJSONRespond.java
diff --git a/src/main/java/com/codesdream/ase/component/json/respond/ErrorInfoJSONRespond.java b/src/main/java/com/codesdream/ase/component/json/respond/ErrorInfoJSONRespond.java
new file mode 100644
index 0000000..4495e20
--- /dev/null
+++ b/src/main/java/com/codesdream/ase/component/json/respond/ErrorInfoJSONRespond.java
@@ -0,0 +1,12 @@
+package com.codesdream.ase.component.json.respond;
+
+import lombok.Data;
+
+import java.util.Date;
+
+@Data
+public class ErrorInfoJSONRespond {
+ String exception = null;
+ String exceptionMessage = null;
+ Date date = null;
+}
diff --git a/src/main/java/com/codesdream/ase/component/permission/ASEAuthenticationEntryPoint.java b/src/main/java/com/codesdream/ase/component/permission/ASEAuthenticationEntryPoint.java
index 2fe9434..b3f5962 100644
--- a/src/main/java/com/codesdream/ase/component/permission/ASEAuthenticationEntryPoint.java
+++ b/src/main/java/com/codesdream/ase/component/permission/ASEAuthenticationEntryPoint.java @@ -24,7 +24,8 @@ public class ASEAuthenticationEntryPoint implements AuthenticationEntryPoint { @Override public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) - throws IOException, ServletException { + throws IOException { + // 对匿名用户返回401 response.getWriter().print(quickJSONRespond.getRespond401(null)); diff --git a/src/main/java/com/codesdream/ase/component/permission/ASEAuthenticationFailureHandler.java b/src/main/java/com/codesdream/ase/component/permission/ASEAuthenticationFailureHandler.java index 6516911..ee82950 100644 --- a/src/main/java/com/codesdream/ase/component/permission/ASEAuthenticationFailureHandler.java +++ b/src/main/java/com/codesdream/ase/component/permission/ASEAuthenticationFailureHandler.java @@ -2,6 +2,7 @@ package com.codesdream.ase.component.permission; import com.codesdream.ase.component.datamanager.JSONParameter; import com.codesdream.ase.component.datamanager.QuickJSONRespond; +import com.codesdream.ase.component.json.respond.ErrorInfoJSONRespond; import com.codesdream.ase.component.json.respond.UserLoginCheckerJSONRespond; import lombok.extern.slf4j.Slf4j; import org.springframework.security.core.AuthenticationException; @@ -13,6 +14,7 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; +import java.util.Date; // 认证失败返回 @Slf4j 
@@ -28,7 +30,17 @@ public class ASEAuthenticationFailureHandler extends SimpleUrlAuthenticationFail { log.info("ASEAuthenticationFailureHandler Login Fail!"); + // 填写异常信息存储对象 + ErrorInfoJSONRespond errorInfoJSONRespond = new ErrorInfoJSONRespond(); + errorInfoJSONRespond.setDate(new Date()); + errorInfoJSONRespond.setExceptionMessage(exception.getMessage()); + errorInfoJSONRespond.setException(exception.getClass().getSimpleName()); + // 认证失败返回406 - response.getWriter().write(quickJSONRespond.getRespond406("Authentication Failure")); + response.getWriter().write(quickJSONRespond.getJSONStandardRespond( + 406, + "Not Acceptable", + "Authentication Failure", + errorInfoJSONRespond)); } } diff --git a/src/main/java/com/codesdream/ase/component/permission/ASESecurityAuthenticationProvider.java b/src/main/java/com/codesdream/ase/component/permission/ASESecurityAuthenticationProvider.java index 7ba70ca..61edbd5 100644 --- a/src/main/java/com/codesdream/ase/component/permission/ASESecurityAuthenticationProvider.java +++ b/src/main/java/com/codesdream/ase/component/permission/ASESecurityAuthenticationProvider.java @@ -43,10 +43,8 @@ public class ASESecurityAuthenticationProvider implements AuthenticationProvider // 判断用户是否存在 UserDetails userInfo = userDetailsService.loadUserByUsername(username); - log.info(String.format("SecurityAuthentication: %s %s", username, password)); - if (userInfo == null) { - throw new UsernameNotFoundException("User IS Not Existing"); + throw new UsernameNotFoundException("User Not Exist"); } // 判断密码是否正确 diff --git a/src/main/java/com/codesdream/ase/component/permission/ASEUsernamePasswordAuthenticationFilter.java b/src/main/java/com/codesdream/ase/component/permission/ASEUsernamePasswordAuthenticationFilter.java index d09f9d2..6f6acb0 100644 --- a/src/main/java/com/codesdream/ase/component/permission/ASEUsernamePasswordAuthenticationFilter.java +++ b/src/main/java/com/codesdream/ase/component/permission/ASEUsernamePasswordAuthenticationFilter.java 
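Review bot: The failure response in ASEAuthenticationFailureHandler now sends `exception.getMessage()` and the exception class name back to the unauthenticated caller, so the login endpoint explains to any client why it was rejected. The messages thrown elsewhere in this patch ("User Not Exist" in ASEUserDetailsService and ASESecurityAuthenticationProvider) presumably differ from what the password check reports, which would let a caller tell existing usernames from unknown ones. I would keep the detail in the server log and return one fixed text for every credential failure, e.g. `log.info("Login failed: {}", exception.getMessage());` and `errorInfoJSONRespond.setExceptionMessage("Authentication Failure");`. The handler method's signature lies outside the hunk.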
@@ -49,16 +49,24 @@ public class ASEUsernamePasswordAuthenticationFilter extends UsernamePasswordAut throw new AuthenticationServiceException("Authentication method not supported: NOT Ajax Method."); } - Optional checker = jsonParameter.getJavaObjectByRequest(request, UserLoginChecker.class); - if(!checker.isPresent()) throw new BadCredentialsException("Invalid AJAX JSON Request"); + Optional checkerOptional = jsonParameter.getJavaObjectByRequest(request, UserLoginChecker.class); + if(!checkerOptional.isPresent()) throw new BadCredentialsException("Invalid AJAX JSON Request"); - if (!checker.get().getCheckType().equals("UsernamePasswordChecker")) + UserLoginChecker checker = checkerOptional.get(); + + if(checker.getUsername() == null + || checker.getPassword() == null + || checker.getClientCode() == null + || checker.getCheckType() == null) + throw new AuthenticationServiceException("Request Data IS Incomplete"); + + if (!checker.getCheckType().equals("UsernamePasswordChecker")) throw new AuthenticationServiceException("Authentication not supported: NOT Username Password Type."); // 获得相应的用户名密码 - String username = checker.get().getUsername(); - String password = checker.get().getPassword(); - String clientCode = checker.get().getClientCode(); + String username = checker.getUsername(); + String password = checker.getPassword(); + String clientCode = checker.getClientCode(); if (username == null) username = ""; if (password == null) password = ""; diff --git a/src/main/java/com/codesdream/ase/controller/ASEControllerAdvice.java b/src/main/java/com/codesdream/ase/controller/ASEControllerAdvice.java index d5166ff..332f5ba 100644 --- a/src/main/java/com/codesdream/ase/controller/ASEControllerAdvice.java +++ b/src/main/java/com/codesdream/ase/controller/ASEControllerAdvice.java 
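Review bot: The null guard added before the check-type test makes the later `if (username == null) username = "";` and `if (password == null) password = "";` lines unreachable, so they can be deleted. The guard also reports a client input problem as `AuthenticationServiceException`, while the malformed-JSON case just above it uses `BadCredentialsException`; using the same type for both keeps "bad request data" apart from "authentication backend failed" in logs and handlers, e.g. `throw new BadCredentialsException("Request Data IS Incomplete");`. The method continues past the end of the hunk.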
@@ -1,23 +1,31 @@ package com.codesdream.ase.controller; import com.codesdream.ase.component.error.ErrorResponse; +import com.codesdream.ase.component.json.respond.ErrorInfoJSONRespond; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; +import org.springframework.security.authentication.AuthenticationServiceException; +import org.springframework.security.core.AuthenticationException; import org.springframework.web.bind.annotation.ControllerAdvice; import org.springframework.web.bind.annotation.ExceptionHandler; +import org.springframework.web.bind.annotation.RestControllerAdvice; import org.springframework.web.context.request.WebRequest; import java.util.ArrayList; +import java.util.Date; import java.util.List; -@ControllerAdvice +@RestControllerAdvice public class ASEControllerAdvice { @ExceptionHandler(value = {RuntimeException.class}) - public final ResponseEntity handleRuntimeException(RuntimeException e, WebRequest webRequest){ - List details = new ArrayList<>(); - details.add(e.getLocalizedMessage()); - ErrorResponse errorResponse = new ErrorResponse("Runtime Error", details); - return new ResponseEntity<>(errorResponse, HttpStatus.INTERNAL_SERVER_ERROR); + public final Object handleRuntimeException(RuntimeException e, WebRequest webRequest){ + ErrorInfoJSONRespond errorInfoJSONRespond = new ErrorInfoJSONRespond(); + errorInfoJSONRespond.setDate(new Date()); + errorInfoJSONRespond.setExceptionMessage(e.getMessage()); + errorInfoJSONRespond.setException(e.getClass().getName()); + return errorInfoJSONRespond; } + + } diff --git a/src/main/java/com/codesdream/ase/controller/ASEErrorController.java b/src/main/java/com/codesdream/ase/controller/ASEErrorController.java index 124294f..ab33dc1 100644 --- a/src/main/java/com/codesdream/ase/controller/ASEErrorController.java +++ b/src/main/java/com/codesdream/ase/controller/ASEErrorController.java 
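Review bot: `handleRuntimeException` no longer sets a status: the old code returned a `ResponseEntity` with `HttpStatus.INTERNAL_SERVER_ERROR`, the new one returns the bare `ErrorInfoJSONRespond`, so unless something outside this file sets it, every unhandled RuntimeException is answered with 200 OK. Adding `@ResponseStatus(HttpStatus.INTERNAL_SERVER_ERROR)` to the method restores it (`HttpStatus` is already imported; `ResponseStatus` needs an import from `org.springframework.web.bind.annotation`). The body also sends `e.getClass().getName()` and `e.getMessage()` to the client, which for arbitrary runtime exceptions can expose internal class names, query fragments or paths; logging them server-side and returning a generic message is the safer default. The new imports of `AuthenticationServiceException` and `AuthenticationException`, and the leftover `ControllerAdvice` import, are unused in the visible code.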
@@ -1,6 +1,8 @@ package com.codesdream.ase.controller; +import com.codesdream.ase.component.datamanager.QuickJSONRespond; import com.codesdream.ase.component.error.ErrorResponse; +import com.codesdream.ase.component.json.respond.ErrorInfoJSONRespond; import org.springframework.boot.web.servlet.error.ErrorController; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; @@ -9,8 +11,10 @@ import org.springframework.ui.Model; import org.springframework.web.bind.annotation.ControllerAdvice; import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.context.request.WebRequest; +import javax.annotation.Resource; import javax.servlet.http.HttpServletRequest; import java.util.ArrayList; import java.util.Date; @@ -19,7 +23,7 @@ import java.util.List; @Controller public class ASEErrorController implements ErrorController { - @RequestMapping("/error") +/* @RequestMapping("/error") public String handleError(HttpServletRequest request, Model model){ Integer statusCode = (Integer) request.getAttribute("javax.servlet.error.status_code"); Exception exception = (Exception) request.getAttribute("javax.servlet.error.exception"); 
@@ -49,7 +53,36 @@ public class ASEErrorController implements ErrorController { model.addAttribute("exception_date", new Date()); } return "error"; + }*/ + @Resource + private QuickJSONRespond quickJSONRespond; + + @RequestMapping("/error") + @ResponseBody + public String handleError(HttpServletRequest request){ + Integer statusCode = (Integer) request.getAttribute("javax.servlet.error.status_code"); + Exception exception = (Exception) request.getAttribute("javax.servlet.error.exception"); + + // 检查返回的状态 + if (statusCode == HttpStatus.NOT_FOUND.value()) return quickJSONRespond.getRespond404(null); + ErrorInfoJSONRespond errorInfoJSONRespond = new ErrorInfoJSONRespond(); + + // 检查是否含有引发异常 + if (exception.getCause() == null) { + errorInfoJSONRespond.setException(exception.getClass().getName()); + errorInfoJSONRespond.setExceptionMessage(exception.getMessage()); + } else { + errorInfoJSONRespond.setException(exception.getCause().getClass().getName()); + errorInfoJSONRespond.setExceptionMessage(exception.getCause().getMessage()); + } + errorInfoJSONRespond.setDate(new Date()); + + return quickJSONRespond.getJSONStandardRespond( + statusCode, + "Error Controller Handle", + null, + errorInfoJSONRespond); } @Override diff --git a/src/main/java/com/codesdream/ase/service/ASEUserDetailsService.java b/src/main/java/com/codesdream/ase/service/ASEUserDetailsService.java index 411bcbb..2d9a666 100644 --- a/src/main/java/com/codesdream/ase/service/ASEUserDetailsService.java +++ b/src/main/java/com/codesdream/ase/service/ASEUserDetailsService.java 
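Review bot: `handleError` dereferences two request attributes that are often absent: `exception.getCause()` throws NullPointerException whenever the container forwards to /error without an exception attribute (a 403 or 405 raised through sendError, for instance), and `statusCode == HttpStatus.NOT_FOUND.value()` unboxes a null Integer when /error is requested directly. An exception thrown inside the error controller leaves the client with the container's default error output instead of the JSON body. The cast to `Exception` would also fail for an `Error`, so `Throwable` is the safer type. The guarded version is below; the old method left inside `/* … */` by the previous hunk would be better deleted, since version control keeps it.

```java
    public String handleError(HttpServletRequest request){
        // … unchanged: status_code attribute read …
        Throwable exception = (Throwable) request.getAttribute("javax.servlet.error.exception");

        // /error requested directly: the container set no status attribute
        if (statusCode == null) statusCode = HttpStatus.INTERNAL_SERVER_ERROR.value();
        if (statusCode == HttpStatus.NOT_FOUND.value()) return quickJSONRespond.getRespond404(null);

        ErrorInfoJSONRespond errorInfoJSONRespond = new ErrorInfoJSONRespond();
        // sendError() paths carry a status but no exception
        if (exception != null) {
            Throwable reported = exception.getCause() == null ? exception : exception.getCause();
            errorInfoJSONRespond.setException(reported.getClass().getName());
            errorInfoJSONRespond.setExceptionMessage(reported.getMessage());
        }
        // … unchanged: setDate and getJSONStandardRespond call …
```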
@@ -1,7 +1,9 @@ package com.codesdream.ase.service; import com.codesdream.ase.component.permission.UserAuthoritiesGenerator; +import com.codesdream.ase.exception.UserNotFoundException; import com.codesdream.ase.model.permission.User; +import org.springframework.security.authentication.AuthenticationServiceException; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; @@ -21,9 +23,14 @@ public class ASEUserDetailsService implements UserDetailsService { @Override @Transactional - public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException { - User user = userService.findUserByUsername(s); - user.setAuthorities(userAuthoritiesGenerator.grantedAuthorities(user)); - return user; + public UserDetails loadUserByUsername(String s) { + try { + User user = userService.findUserByUsername(s); + user.setAuthorities(userAuthoritiesGenerator.grantedAuthorities(user)); + return user; + } catch (UserNotFoundException e){ + throw new AuthenticationServiceException("User Not Exist"); + } + } }
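Review bot: `loadUserByUsername` now turns a missing user into `AuthenticationServiceException`, which Spring Security uses for "the authentication request could not be processed" rather than "unknown user"; the `UserDetailsService` contract names `UsernameNotFoundException` for this case, and that class is still imported here. The catch also drops `e`, so the original cause is lost from logs. Suggested: `throw new UsernameNotFoundException("User Not Exist", e);`. Since the method apparently can no longer return null, the `if (userInfo == null)` branch kept in ASESecurityAuthenticationProvider looks dead.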