diff --git a/hsweb-web-controller/src/main/java/org/hsweb/web/controller/AopAuthorizeValidatorAutoConfiguration.java b/hsweb-web-controller/src/main/java/org/hsweb/web/controller/AopAuthorizeValidatorAutoConfiguration.java
index a5735f218..5227c69e3 100644
--- a/hsweb-web-controller/src/main/java/org/hsweb/web/controller/AopAuthorizeValidatorAutoConfiguration.java
+++ b/hsweb-web-controller/src/main/java/org/hsweb/web/controller/AopAuthorizeValidatorAutoConfiguration.java
@@ -5,6 +5,7 @@ import org.aspectj.lang.annotation.Around;
 import org.aspectj.lang.annotation.Aspect;
 import org.hsweb.web.core.authorize.AopAuthorizeValidator;
 import org.hsweb.web.core.exception.AuthorizeException;
+import org.hsweb.web.core.exception.AuthorizeForbiddenException;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -28,7 +29,7 @@ public class AopAuthorizeValidatorAutoConfiguration {
 @Around(value = "execution(* org.hsweb.web..controller..*Controller..*(..))||@annotation(org.hsweb.web.core.authorize.annotation.Authorize)")
 public Object around(ProceedingJoinPoint pjp) throws Throwable {
 boolean access = super.validate(pjp);
- if (!access) throw new AuthorizeException("无权限", 403);
+ if (!access) throw new AuthorizeForbiddenException("无权限", 403);
 return pjp.proceed();
 }
 }
diff --git a/hsweb-web-controller/src/main/java/org/hsweb/web/controller/ControllerExceptionTranslator.java b/hsweb-web-controller/src/main/java/org/hsweb/web/controller/ControllerExceptionTranslator.java
index aaabceb92..5c3355c9b 100644
--- a/hsweb-web-controller/src/main/java/org/hsweb/web/controller/ControllerExceptionTranslator.java
+++ b/hsweb-web-controller/src/main/java/org/hsweb/web/controller/ControllerExceptionTranslator.java
@@ -1,15 +1,16 @@
 package org.hsweb.web.controller;
 import com.alibaba.fastjson.JSON;
-import org.hsweb.web.core.exception.BusinessException;
-import org.hsweb.web.core.exception.NotFoundException;
-import org.hsweb.web.core.exception.ValidationException;
+import org.hsweb.web.core.exception.*;
 import org.hsweb.web.core.message.ResponseMessage;
 import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.annotation.ControllerAdvice;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.ResponseStatus;
+import org.springframework.web.servlet.ModelAndView;
+
+import javax.servlet.http.HttpServletResponse;
 @ControllerAdvice
 public class ControllerExceptionTranslator {
@@ -37,6 +38,21 @@ public class ControllerExceptionTranslator {
 }
+ @ExceptionHandler(AuthorizeException.class)
+ @ResponseStatus(HttpStatus.UNAUTHORIZED)
+ @ResponseBody
+ ResponseMessage handleException(AuthorizeException exception) {
+ return ResponseMessage.error(exception.getMessage(), exception.getStatus());
+ }
+
+ @ExceptionHandler(AuthorizeForbiddenException.class)
+ @ResponseStatus(HttpStatus.FORBIDDEN)
+ @ResponseBody
+ ResponseMessage handleException(AuthorizeForbiddenException exception) {
+ return ResponseMessage.error(exception.getMessage(), exception.getStatus());
+ }
+
+
 @ExceptionHandler(NotFoundException.class)
 @ResponseStatus(HttpStatus.NOT_FOUND)
 @ResponseBody
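Review bot: Both new handlers put `exception.getStatus()` into the JSON body while `@ResponseStatus` fixes the HTTP code, so the two numbers can disagree. The removed lines in this commit show AuthorizeException being built with 400 and 403; any such instance still thrown elsewhere would now go out as HTTP 401 with a different status in the body, and a client or gateway that keys on only one of them will misread the result. I would use the constant, as the NotFoundException handler below does with 404: `return ResponseMessage.error(exception.getMessage(), 401);` and `return ResponseMessage.error(exception.getMessage(), 403);`. Since `exception.getMessage()` is returned verbatim, a short comment on each handler saying that throw sites must keep internal detail out of the message would help.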
@@ -44,4 +60,21 @@ public class ControllerExceptionTranslator {
 return ResponseMessage.error(exception.getMessage(), 404);
 }
+// @ExceptionHandler(BusinessException.class)
+// ModelAndView handleExceptionView(BusinessException exception, HttpServletResponse response) {
+// response.setStatus(exception.getStatus());
+// ModelAndView modelAndView = new ModelAndView("error/" + exception.getStatus());
+// modelAndView.addAllObjects(ResponseMessage.error(exception.getMessage(), exception.getStatus()).toMap());
+// modelAndView.addObject("exception", exception);
+// return modelAndView;
+// }
+//
+// @ExceptionHandler(Throwable.class)
+// ModelAndView handleExceptionView(Throwable exception, HttpServletResponse response) {
+// response.setStatus(500);
+// ModelAndView modelAndView = new ModelAndView("error/" + 500);
+// modelAndView.addAllObjects(ResponseMessage.error(exception.getMessage(), 500).toMap());
+// modelAndView.addObject("exception", exception);
+// return modelAndView;
+// }
 }
\ No newline at end of file
diff --git a/hsweb-web-controller/src/main/java/org/hsweb/web/controller/login/AuthorizeController.java b/hsweb-web-controller/src/main/java/org/hsweb/web/controller/login/AuthorizeController.java
index 343608a54..210347ab9 100644
--- a/hsweb-web-controller/src/main/java/org/hsweb/web/controller/login/AuthorizeController.java
+++ b/hsweb-web-controller/src/main/java/org/hsweb/web/controller/login/AuthorizeController.java
@@ -5,6 +5,7 @@ import org.hsweb.web.bean.common.QueryParam;
 import org.hsweb.web.bean.po.user.User;
 import org.hsweb.web.core.authorize.annotation.Authorize;
 import org.hsweb.web.core.exception.AuthorizeException;
+import org.hsweb.web.core.exception.AuthorizeForbiddenException;
 import org.hsweb.web.core.exception.NotFoundException;
 import org.hsweb.web.core.logger.annotation.AccessLogger;
 import org.hsweb.web.core.message.ResponseMessage;
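Review bot: The seventeen lines added at the end of ControllerExceptionTranslator are commented-out handlers, and the `ModelAndView` and `HttpServletResponse` imports added at the top of the file exist only for them. I would drop both from this commit and track the view-based error pages separately. If these handlers are revived, the `Throwable` one should not pass `exception.getMessage()` or the exception object itself into the model, because an error template could then render internal failure detail to whoever triggered the fault. Record the exception server-side and hand the view a fixed message instead. The view name `"error/" + exception.getStatus()` in the BusinessException variant also assumes a template exists for every status a throw site can set, which should be documented or bounded.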
@@ -100,7 +101,7 @@ public class AuthorizeController {
 error_time = 0l;
 }
 if (error_number >= maxErrorNumber)
- throw new AuthorizeException("您的账户已被锁定登录,请" + (waitMinutes - ((now_time - error_time) / 1000 / 60)) + "分钟后再试!", 400);
+ throw new AuthorizeForbiddenException("您的账户已被锁定登录,请" + (waitMinutes - ((now_time - error_time) / 1000 / 60)) + "分钟后再试!");
 }
 User user = userService.selectByUserName(username);
 if (user == null || user.getStatus() != 1) throw new NotFoundException("用户不存在或已注销");
@@ -109,7 +110,7 @@ public class AuthorizeController {
 if (error_number == null) error_number = 0;
 cache.put(timeCacheKey, System.currentTimeMillis());
 cache.put(numberCacheKey, ++error_number);
- throw new AuthorizeException("密码错误,你还可以重试" + (maxErrorNumber - error_number) + "次", 400);
+ throw new AuthorizeForbiddenException("密码错误,你还可以重试" + (maxErrorNumber - error_number) + "次");
 }
 cache.evict(timeCacheKey);
 cache.evict(numberCacheKey);
diff --git a/hsweb-web-core/src/main/java/org/hsweb/web/core/authorize/validator/SimpleAuthorizeValidatorConfig.java b/hsweb-web-core/src/main/java/org/hsweb/web/core/authorize/validator/SimpleAuthorizeValidatorConfig.java
index 0bd8754e4..cae64c2b9 100644
--- a/hsweb-web-core/src/main/java/org/hsweb/web/core/authorize/validator/SimpleAuthorizeValidatorConfig.java
+++ b/hsweb-web-core/src/main/java/org/hsweb/web/core/authorize/validator/SimpleAuthorizeValidatorConfig.java
@@ -3,6 +3,7 @@ package org.hsweb.web.core.authorize.validator;
 import org.hsweb.web.core.authorize.AuthorizeValidatorConfig;
 import org.hsweb.web.core.authorize.annotation.Authorize;
 import org.hsweb.web.core.exception.AuthorizeException;
+import org.hsweb.web.core.exception.AuthorizeForbiddenException;
 import org.webbuilder.utils.common.StringUtils;
 import org.webbuilder.utils.script.engine.DynamicScriptEngine;
 import org.webbuilder.utils.script.engine.DynamicScriptEngineFactory;
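Review bot: The login response still tells a caller which usernames exist: an unknown or disabled account throws `NotFoundException("用户不存在或已注销")` in the context line after the lockout check, while a wrong password now throws `AuthorizeForbiddenException`. With the handlers added in this commit that becomes a 404 versus a 403 as well as a different message. Both failures should return the same exception and text, for example `if (user == null || user.getStatus() != 1) throw new AuthorizeForbiddenException("用户名或密码错误");` with the same message on the wrong-password path. The failure counter appears to be updated only on the wrong-password path, so attempts against unknown names may go uncounted; the login method starts and ends outside the hunk, so confirm that against the full body.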
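Review bot: The failure counter in the second AuthorizeController hunk is not updated atomically: it is read, incremented and written back with `cache.put(numberCacheKey, ++error_number)`. Login attempts arriving in parallel can all read the same value and be recorded as a single failure, so more than `maxErrorNumber` guesses can be made before the lock applies. The increment should be a single atomic operation on the cache backend, or serialized per key; the cache type is not visible in the diff, so the exact call is left open. The message also reports the remaining attempts (`maxErrorNumber - error_number`), which helps someone pacing guesses more than a legitimate user; consider a fixed message. The one-argument constructor drops the explicit status the old code passed, so the body status now depends on a default defined outside this diff.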
@@ -53,7 +54,7 @@ public class SimpleAuthorizeValidatorConfig implements AuthorizeValidatorConfig
 engine.compile(id, expression);
 expressions.add(new Expression(id, language));
 } catch (Exception e) {
- throw new AuthorizeException("compile expression error", e, 403);
+ throw new AuthorizeForbiddenException("compile expression error", e, 403);
 }
 return this;
 }
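Review bot: A broken authorization expression is reported in this catch block with the same exception type and 403 as a genuine denial, and nothing visible names the expression that failed. Failing closed is the right behaviour and deserves a comment above the throw, such as `// fail closed: an expression that does not compile must never grant access`. Operators still need to tell a mistyped policy from a refused user, so log `id` and `language` with the cause before rethrowing. Keep them out of the exception message, because the exception translator in this commit returns `getMessage()` to the client. The enclosing method starts above the hunk, so whether a logger is already available there cannot be seen from here.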