package com.example.jz.auth;
|
|
|
import cn.hutool.json.JSONUtil;
|
import com.example.jz.modle.R;
|
import org.springframework.context.annotation.Bean;
|
import org.springframework.security.access.AccessDeniedException;
|
import org.springframework.security.web.access.AccessDeniedHandler;
|
import org.springframework.security.web.firewall.HttpFirewall;
|
import org.springframework.security.web.firewall.StrictHttpFirewall;
|
import org.springframework.stereotype.Component;
|
|
import javax.servlet.ServletException;
|
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletResponse;
|
import java.io.IOException;
|
import java.io.PrintWriter;
|
import java.util.regex.Pattern;
|
|
import static java.nio.charset.StandardCharsets.ISO_8859_1;
|
import static java.nio.charset.StandardCharsets.UTF_8;
|
|
/**
|
* @author 安瑾然
|
* @data 2022/7/18 - 10:35 AM
|
* @description 无权访问配置
|
*/
|
@Component
|
public class MyAccessDeniedHandler implements AccessDeniedHandler {
|
|
@Bean
|
public HttpFirewall httpFirewall() {
|
StrictHttpFirewall firewall = new StrictHttpFirewall();
|
Pattern allowed = Pattern.compile("[\\p{IsAssigned}&&[^\\p{IsControl}]]*");
|
firewall.setAllowedHeaderValues((header) -> {
|
String parsed = new String(header.getBytes(ISO_8859_1), UTF_8);
|
return allowed.matcher(parsed).matches();
|
});
|
return firewall;
|
}
|
|
@Override
|
public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessDeniedException e) throws IOException, ServletException {
|
R<String> r = new R<>();
|
r.setCode(403);
|
r.setMsg("无权访问");
|
r.setData(null);
|
// 设置返回消息类型
|
httpServletResponse.setHeader("Content-type", "text/html;charset=UTF-8");
|
httpServletResponse.setCharacterEncoding("utf-8");
|
httpServletResponse.setContentType("application/json;charset=UTF-8");
|
// 返回给请求端
|
PrintWriter writer = httpServletResponse.getWriter();
|
writer.write(JSONUtil.toJsonStr(r));
|
writer.flush();
|
writer.close();
|
}
|
}
|
