Spring Security 异常处理
认证【登录】失败
1、用户名找不到
当我们登录的时候,如果用户名找不到抛出出:UsernameNotFoundException,可以被拦截LoginFailureHandler因为UsernameNotFoundException继承自:AuthenticationException
package com.boot.service.impl;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
import com.boot.entity.Perm;
import com.boot.entity.User;
import com.boot.mapper.PermMapper;
import com.boot.mapper.UserMapper;
import com.boot.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import java.util.List;
import java.util.stream.Collectors;
@Service
public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements UserService {
@Autowired
UserMapper userMapper;
@Autowired
PermMapper permMapper;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
QueryWrapper queryWrapper = new QueryWrapper();
queryWrapper.eq("username",username);
User user = userMapper.selectOne(queryWrapper);
if(user == null){
throw new UsernameNotFoundException("用户未找到");
}
//根据用户名查找权限
QueryWrapper<Perm> permQueryWrapper = new QueryWrapper();
permQueryWrapper.eq("user_id",user.getId());
List<Perm> perms = permMapper.selectList(permQueryWrapper);
//权限标识
List<String> permTags = perms.stream().map(Perm::getTag).collect(Collectors.toList());
user.setAuthorities(AuthorityUtils.createAuthorityList(permTags));
return user;
}
}
2、密码错误异常
this.getAuthenticationManager().authenticate(authRequest)中抛出org.springframework.security.authentication.BadCredentialsException: 用户名或密码错误
package com.boot.security;
import com.boot.entity.User;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.SneakyThrows;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import java.io.BufferedReader;
import java.io.IOException;
public class LoginFilter extends UsernamePasswordAuthenticationFilter {
@SneakyThrows
@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
if (!request.getMethod().equals("POST")) {
throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());
}
String username = request.getParameter("username");
String password = request.getParameter("password");
UsernamePasswordAuthenticationToken authRequest = UsernamePasswordAuthenticationToken.unauthenticated(username,password);
return this.getAuthenticationManager().authenticate(authRequest);
}
}
package com.boot.security;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import java.io.IOException;
public class LoginFailureHandler implements AuthenticationFailureHandler {
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
System.out.println("登录异常信息:");
System.out.println("exception = " + exception);
}
}
授权失败【没有操作权限