异常处理

Spring Security 异常处理

认证【登录】失败

1、用户名找不到

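当我们登录的时候,如果用户名找不到,会抛出 UsernameNotFoundException。该异常可以被 LoginFailureHandler 拦截,因为 UsernameNotFoundException 继承自 AuthenticationException。注意:如果使用默认的 DaoAuthenticationProvider(hideUserNotFoundExceptions 默认为 true),该异常会先被转换为 BadCredentialsException,以免向客户端暴露用户名是否存在。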

package com.boot.service.impl;

import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
import com.boot.entity.Perm;
import com.boot.entity.User;
import com.boot.mapper.PermMapper;
import com.boot.mapper.UserMapper;
import com.boot.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

import java.util.List;
import java.util.stream.Collectors;

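/**
 * User service that also supplies account data for authentication.
 *
 * <p>{@link #loadUserByUsername(String)} looks an account up by its {@code username} column and
 * attaches the permission tags stored for that user as granted authorities.
 */
@Service
public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements UserService {

    @Autowired
    UserMapper userMapper;

    @Autowired
    PermMapper permMapper;

    /**
     * Loads the account whose {@code username} column equals the given name.
     *
     * @param username the login name submitted by the caller
     * @return the matching {@link User}, with its authorities set from the user's permission tags
     * @throws UsernameNotFoundException if no row matches {@code username}
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // Typed wrapper instead of a raw QueryWrapper, so the compiler checks the entity type.
        // NOTE(review): selectOne presumably expects at most one row per username; confirm the
        // column carries a unique constraint.
        QueryWrapper<User> userQuery = new QueryWrapper<>();
        userQuery.eq("username", username);
        User user = userMapper.selectOne(userQuery);

        if (user == null) {
            // NOTE(review): this message distinguishes "unknown user" from "wrong password".
            // Keep it server-side; a failure handler that echoes exception messages to the client
            // would let callers enumerate usernames. If the default DaoAuthenticationProvider is
            // in use, it replaces this exception with BadCredentialsException unless
            // hideUserNotFoundExceptions has been disabled.
            throw new UsernameNotFoundException("用户未找到");
        }

        // Look up the permissions that belong to this user.
        QueryWrapper<Perm> permQuery = new QueryWrapper<>();
        permQuery.eq("user_id", user.getId());
        List<Perm> perms = permMapper.selectList(permQuery);

        // Permission tags become the authority strings.
        List<String> permTags = perms.stream().map(Perm::getTag).collect(Collectors.toList());
        user.setAuthorities(AuthorityUtils.createAuthorityList(permTags));

        return user;
    }
}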

2、密码错误异常
调用 this.getAuthenticationManager().authenticate(authRequest) 时会抛出 org.springframework.security.authentication.BadCredentialsException: 用户名或密码错误

package com.boot.security;

import com.boot.entity.User;

import jakarta.servlet.http.HttpServletRequest;

import jakarta.servlet.http.HttpServletResponse;

import lombok.SneakyThrows;

import org.springframework.security.authentication.AuthenticationServiceException;

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;

import org.springframework.security.core.Authentication;

import org.springframework.security.core.AuthenticationException;

import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

import java.io.BufferedReader;

import java.io.IOException;

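/**
 * Login filter that reads the {@code username} and {@code password} request parameters and
 * hands them to the configured authentication manager.
 */
public class LoginFilter extends UsernamePasswordAuthenticationFilter {

    /**
     * Builds an unauthenticated token from the request parameters and authenticates it.
     *
     * @param request the login request; only {@code POST} is accepted
     * @param response the response (not written by this method)
     * @return the result of {@code getAuthenticationManager().authenticate(...)}
     * @throws AuthenticationException if the method is not {@code POST}
     *     ({@link AuthenticationServiceException}) or the authentication manager rejects the token
     */
    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
            throws AuthenticationException {
        // Constant-first comparison: cannot raise a NullPointerException on the method value.
        if (!"POST".equals(request.getMethod())) {
            throw new AuthenticationServiceException(
                    "Authentication method not supported: " + request.getMethod());
        }

        // Either parameter may be null when the client omits it; the values are passed through
        // as-is and left for the authentication manager to reject.
        String username = request.getParameter("username");
        String password = request.getParameter("password");

        UsernamePasswordAuthenticationToken authRequest =
                UsernamePasswordAuthenticationToken.unauthenticated(username, password);

        // Attach the request details the way the parent filter does (by default the remote
        // address and session id), so failure and success events can be attributed when audited.
        setDetails(request, authRequest);

        return this.getAuthenticationManager().authenticate(authRequest);
    }
}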
package com.boot.security;

import jakarta.servlet.ServletException;

import jakarta.servlet.http.HttpServletRequest;

import jakarta.servlet.http.HttpServletResponse;

import org.springframework.security.core.AuthenticationException;

import org.springframework.security.web.authentication.AuthenticationFailureHandler;

import java.io.IOException;

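/**
 * Failure handler for rejected login attempts: records the exception on the server and answers
 * with HTTP 401.
 */
public class LoginFailureHandler implements AuthenticationFailureHandler {

    /**
     * Prints the authentication exception and marks the response as unauthorized.
     *
     * @param request the request during which authentication failed
     * @param response the response; its status is set to 401 unless it is already committed
     * @param exception the exception that caused the rejection
     * @throws IOException declared by the interface; not thrown by this implementation
     * @throws ServletException declared by the interface; not thrown by this implementation
     */
    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException exception) throws IOException, ServletException {
        // The exception detail is written to the server console only. It is deliberately not
        // copied into the response: telling the client whether the username or the password was
        // wrong would allow account enumeration.
        System.out.println("登录异常信息:");
        System.out.println("exception = " + exception);

        // Without an explicit status a failed login would be answered with the default 200,
        // which clients and monitoring cannot tell apart from a success.
        if (!response.isCommitted()) {
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        }
    }
}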

授权失败【没有操作权限】