新增拒绝访问异常

2026-07-01 03:34:21 +08:00 · 2016-06-14 14:59:54 +08:00
parent a45e407265
commit 5aee3354a0
4 changed files with 43 additions and 7 deletions
--- a/hsweb-web-controller/src/main/java/org/hsweb/web/controller/AopAuthorizeValidatorAutoConfiguration.java
+++ b/hsweb-web-controller/src/main/java/org/hsweb/web/controller/AopAuthorizeValidatorAutoConfiguration.java
@@ -5,6 +5,7 @@ import org.aspectj.lang.annotation.Around;
 import org.aspectj.lang.annotation.Aspect;
 import org.hsweb.web.core.authorize.AopAuthorizeValidator;
 import org.hsweb.web.core.exception.AuthorizeException;
+import org.hsweb.web.core.exception.AuthorizeForbiddenException;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -28,7 +29,7 @@ public class AopAuthorizeValidatorAutoConfiguration {
        @Around(value = "execution(* org.hsweb.web..controller..*Controller..*(..))||@annotation(org.hsweb.web.core.authorize.annotation.Authorize)")
        public Object around(ProceedingJoinPoint pjp) throws Throwable {
            boolean access = super.validate(pjp);
-            if (!access) throw new AuthorizeException("无权限", 403);
+            if (!access) throw new AuthorizeForbiddenException("无权限", 403);
            return pjp.proceed();
        }
    }
--- a/hsweb-web-controller/src/main/java/org/hsweb/web/controller/ControllerExceptionTranslator.java
+++ b/hsweb-web-controller/src/main/java/org/hsweb/web/controller/ControllerExceptionTranslator.java
@@ -1,15 +1,16 @@
 package org.hsweb.web.controller;

 import com.alibaba.fastjson.JSON;
-import org.hsweb.web.core.exception.BusinessException;
-import org.hsweb.web.core.exception.NotFoundException;
-import org.hsweb.web.core.exception.ValidationException;
+import org.hsweb.web.core.exception.*;
 import org.hsweb.web.core.message.ResponseMessage;
 import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.annotation.ControllerAdvice;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.ResponseStatus;
+import org.springframework.web.servlet.ModelAndView;
+
+import javax.servlet.http.HttpServletResponse;

@ControllerAdvice
 public class ControllerExceptionTranslator {
@@ -37,6 +38,21 @@ public class ControllerExceptionTranslator {
    }


+    @ExceptionHandler(AuthorizeException.class)
+    @ResponseStatus(HttpStatus.UNAUTHORIZED)
+    @ResponseBody
+    ResponseMessage handleException(AuthorizeException exception) {
+        return ResponseMessage.error(exception.getMessage(), exception.getStatus());
+    }
+
+    @ExceptionHandler(AuthorizeForbiddenException.class)
+    @ResponseStatus(HttpStatus.FORBIDDEN)
+    @ResponseBody
+    ResponseMessage handleException(AuthorizeForbiddenException exception) {
+        return ResponseMessage.error(exception.getMessage(), exception.getStatus());
+    }
+
+
    @ExceptionHandler(NotFoundException.class)
    @ResponseStatus(HttpStatus.NOT_FOUND)
    @ResponseBody
@@ -44,4 +60,21 @@ public class ControllerExceptionTranslator {
        return ResponseMessage.error(exception.getMessage(), 404);
    }

+//    @ExceptionHandler(BusinessException.class)
+//    ModelAndView handleExceptionView(BusinessException exception, HttpServletResponse response) {
+//        response.setStatus(exception.getStatus());
+//        ModelAndView modelAndView = new ModelAndView("error/" + exception.getStatus());
+//        modelAndView.addAllObjects(ResponseMessage.error(exception.getMessage(), exception.getStatus()).toMap());
+//        modelAndView.addObject("exception", exception);
+//        return modelAndView;
+//    }
+//
+//    @ExceptionHandler(Throwable.class)
+//    ModelAndView handleExceptionView(Throwable exception, HttpServletResponse response) {
+//        response.setStatus(500);
+//        ModelAndView modelAndView = new ModelAndView("error/" + 500);
+//        modelAndView.addAllObjects(ResponseMessage.error(exception.getMessage(), 500).toMap());
+//        modelAndView.addObject("exception", exception);
+//        return modelAndView;
+//    }
 }
--- a/hsweb-web-controller/src/main/java/org/hsweb/web/controller/login/AuthorizeController.java
+++ b/hsweb-web-controller/src/main/java/org/hsweb/web/controller/login/AuthorizeController.java
@@ -5,6 +5,7 @@ import org.hsweb.web.bean.common.QueryParam;
 import org.hsweb.web.bean.po.user.User;
 import org.hsweb.web.core.authorize.annotation.Authorize;
 import org.hsweb.web.core.exception.AuthorizeException;
+import org.hsweb.web.core.exception.AuthorizeForbiddenException;
 import org.hsweb.web.core.exception.NotFoundException;
 import org.hsweb.web.core.logger.annotation.AccessLogger;
 import org.hsweb.web.core.message.ResponseMessage;
@@ -100,7 +101,7 @@ public class AuthorizeController {
                error_time = 0l;
            }
            if (error_number >= maxErrorNumber)
-                throw new AuthorizeException("您的账户已被锁定登录,请" + (waitMinutes - ((now_time - error_time) / 1000 / 60)) + "分钟后再试!", 400);
+                throw new AuthorizeForbiddenException("您的账户已被锁定登录,请" + (waitMinutes - ((now_time - error_time) / 1000 / 60)) + "分钟后再试!");
        }
        User user = userService.selectByUserName(username);
        if (user == null || user.getStatus() != 1) throw new NotFoundException("用户不存在或已注销");
@@ -109,7 +110,7 @@ public class AuthorizeController {
            if (error_number == null) error_number = 0;
            cache.put(timeCacheKey, System.currentTimeMillis());
            cache.put(numberCacheKey, ++error_number);
-            throw new AuthorizeException("密码错误,你还可以重试" + (maxErrorNumber - error_number) + "次", 400);
+            throw new AuthorizeForbiddenException("密码错误,你还可以重试" + (maxErrorNumber - error_number) + "次");
        }
        cache.evict(timeCacheKey);
        cache.evict(numberCacheKey);