使用 Spring Security 时经常会看见 403(无权限),默认情况下显示的效果如下:

 

而在实际项目中可能都是一个异步请求,显示上述效果对于用户就不是特别友好了。Spring Security 支持自定义权限受限。

1.新建类

新建类实现 AccessDeniedHandler

@Component
public class MyAccessDeniedHandler implements AccessDeniedHandler {
   
     
	@Override
	public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessDeniedException e) throws IOException, ServletException {
   
     
		httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN); httpServletResponse.setHeader("Content-Type","application/json;charset=utf-8") ;
		PrintWriter out = httpServletResponse.getWriter();
		out.write("{\"status\":\"error\",\"msg\":\"权限不足,请联系管理 员!\"}");
		out.flush();
		out.close();
	}
}

2.修改配置类

配置类中重点添加异常处理器。设置访问受限后交给哪个对象进行处理

myAccessDeniedHandler 是在配置类中进行自动注入的

//异常处理
http.exceptionHandling()
	.accessDeniedHandler(myAccessDeniedHandler);