
How to send an Unauthorized response for the @CurrentUser annotation

How do I send an Unauthorized response for the @CurrentUser annotation? I have an annotation


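import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

@Target(ElementType.PARAMETER)
@Retention(RetentionPolicy.RUNTIME)
public @interface CurrentUser {
    // When true, the annotated parameter must resolve to a user
    boolean required() default true;
}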

with an argument resolver


import org.springframework.core.MethodParameter;
import org.springframework.web.context.request.NativeWebRequest;

public class CurrentUserIdMethodArgumentResolver extends AbstractCurrentUserMethodArgumentResolver<CurrentUserId> {

    public CurrentUserIdMethodArgumentResolver() {
        super(CurrentUserId.class, null);
    }

    @Override
    protected boolean isRequired(CurrentUserId annotation) {
        return annotation.required();
    }

    // Returns the current user's id, or null when there is no current user
    @Override
    protected Object resolveName(String name, MethodParameter parameter, NativeWebRequest request) throws Exception {
        return (getCurrentUser() != null) ? getCurrentUser().getId() : null;
    }
}

Spring Security configuration


@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
            .antMatchers(REACT_API_PERMITTED_URL, PERMITTED_SOCKET_PUBLIC_TOPIC, PERMITTED_SOCKET_ENDPOINT1, PERMITTED_SOCKET_ENDPOINT2).permitAll()
            .antMatchers(SOCKET_PRIVATE_ENDPOINT, NOT_PERMITTED_SOCKET_ENDPOINT1, NOT_PERMITTED_SOCKET_ENDPOINT2).authenticated()
            .antMatchers("/admin/**").access("hasRole('ROLE_ADMIN')")
            .antMatchers("/moderator/**").access("hasRole('ROLE_MODERATOR')")
            .anyRequest().authenticated()
        .and().headers()
            .frameOptions().sameOrigin()
        .and().formLogin();
}

I want to return the HTTP status Unauthorized when it is called in my controller (if the user is not authorized)


@GetMapping("/test")
public User test(@CurrentUser User current) {
    return current;
}

Right now I get status 400, Bad Request, but I want to configure this status


慕尼黑8549860
Views: 144  Answers: 2
2 answers

慕容708150

Spring already has this. Just add @EnableGlobalMethodSecurity(prePostEnabled = true) to your configuration and annotate your secured methods with special annotations such as @PreAuthorize("isAuthenticated()") or @PreAuthorize("hasAnyRole('ADMIN')")

@EnableGlobalMethodSecurity(prePostEnabled = true)
@Configuration
public class WebSecurityConf43547 extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
    ....
    }
}

and in the controller

@GetMapping("/test")
@PreAuthorize("isAuthenticated()") // better to put this annotation on a @Service method
public String test() {
    return "abc";
}

or

import org.springframework.security.core.Authentication;

@GetMapping("/test")
public String getOk(Authentication authentication) {
    return authentication.getName();
}

红糖糍粑

I solved the problem like this:

import java.util.List;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.MethodParameter;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.context.request.NativeWebRequest;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

@Configuration
@EnableWebMvc
public class WebConfig extends WebMvcConfigurerAdapter {

    @Bean
    public CurrentUserMethodArgumentResolver userMethodArgumentResolver() {
        return new CurrentUserMethodArgumentResolver() {
            @Override
            protected Object resolveName(String name, MethodParameter parameter, NativeWebRequest request) throws Exception {
                SecurityContext securityContext = SecurityContextHolder.getContext();
                CurrentUser annotation = parameter.getParameterAnnotation(CurrentUser.class);
                boolean anonymousUser = securityContext.getAuthentication() instanceof AnonymousAuthenticationToken;
                // Reject anonymous callers when the parameter is marked required
                if (annotation.required() && anonymousUser) {
                    throw new BadCredentialsException("access is denied");
                }
                return super.resolveName(name, parameter, request);
            }
        };
    }

    @Override
    public void addArgumentResolvers(List<HandlerMethodArgumentResolver> list) {
        list.add(userMethodArgumentResolver());
        super.addArgumentResolvers(list);
    }
}
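
An added example, not part of either answer or of the asker's project: a stand-alone resolver for the question's @CurrentUser annotation that raises an AuthenticationException when there is no logged-in user (including a missing Authentication, which an instanceof check alone does not catch), paired with an entry point that answers such exceptions with 401 instead of the form-login redirect. StrictCurrentUserResolver, ApiSecurityConfig and the assumption that the principal is the application's User object are hypothetical; the WebSecurityConfigurerAdapter style matches the question.

```java
import java.lang.annotation.*;
import org.springframework.core.MethodParameter;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
import org.springframework.web.bind.support.WebDataBinderFactory;
import org.springframework.web.context.request.NativeWebRequest;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.method.support.ModelAndViewContainer;

@Target(ElementType.PARAMETER)
@Retention(RetentionPolicy.RUNTIME)
@interface CurrentUser { boolean required() default true; } // same shape as the question's annotation

// Hypothetical resolver (not from the page); register it in addArgumentResolvers(...).
class StrictCurrentUserResolver implements HandlerMethodArgumentResolver {
    @Override
    public boolean supportsParameter(MethodParameter p) {
        return p.hasParameterAnnotation(CurrentUser.class);
    }

    @Override
    public Object resolveArgument(MethodParameter p, ModelAndViewContainer mav,
                                  NativeWebRequest req, WebDataBinderFactory bf) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        // A missing, anonymous or unauthenticated token all mean "no logged-in user".
        boolean loggedIn = auth != null && auth.isAuthenticated() && !(auth instanceof AnonymousAuthenticationToken);
        if (loggedIn) {
            return auth.getPrincipal(); // assumption: the principal is the application's User
        }
        if (p.getParameterAnnotation(CurrentUser.class).required()) {
            throw new InsufficientAuthenticationException("authentication required");
        }
        return null; // required = false: anonymous callers receive null
    }
}

class ApiSecurityConfig extends WebSecurityConfigurerAdapter { // hypothetical; add @Configuration
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/test").permitAll() // URL layer admits it; the resolver enforces login
                .anyRequest().authenticated()
            .and().exceptionHandling()
                .authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED));
    }
}
```

The exception reaches Spring Security's ExceptionTranslationFilter, and therefore the entry point, only if no @ExceptionHandler or other HandlerExceptionResolver in the application handles it first.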