优化security异常处理, token失效返回401, 其它返回500
@ -9,6 +9,7 @@ import javax.servlet.ServletException;
|
|||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import javax.servlet.http.HttpServletResponse;
|
import javax.servlet.http.HttpServletResponse;
|
||||||
|
|
||||||
|
import org.apache.commons.lang3.StringUtils;
|
||||||
import org.springframework.http.HttpStatus;
|
import org.springframework.http.HttpStatus;
|
||||||
import org.springframework.security.core.AuthenticationException;
|
import org.springframework.security.core.AuthenticationException;
|
||||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||||
@ -25,12 +26,12 @@ public class UserAuthenticationEntryPoint implements AuthenticationEntryPoint {
|
|||||||
@Override
|
@Override
|
||||||
public void commence(HttpServletRequest request, HttpServletResponse response,
|
public void commence(HttpServletRequest request, HttpServletResponse response,
|
||||||
AuthenticationException authException) throws IOException, ServletException {
|
AuthenticationException authException) throws IOException, ServletException {
|
||||||
response.setStatus(HttpStatus.UNAUTHORIZED.value());
|
|
||||||
response.setContentType("application/json;charset=utf-8");
|
response.setContentType("application/json;charset=utf-8");
|
||||||
|
|
||||||
String code = (String) request.getSession().getAttribute("code");
|
String code = (String) request.getSession().getAttribute("code");
|
||||||
|
|
||||||
Map<String, Object> map = adapterException(code);
|
Map<String, Object> map = adapterException(StringUtils.defaultIfBlank(code, "System Generic Error"), response);
|
||||||
|
map.put("success", "false");
|
||||||
map.put("path", request.getServletPath());
|
map.put("path", request.getServletPath());
|
||||||
map.put("timestamp", String.valueOf(new Date().getTime()));
|
map.put("timestamp", String.valueOf(new Date().getTime()));
|
||||||
|
|
||||||
@ -44,28 +45,28 @@ public class UserAuthenticationEntryPoint implements AuthenticationEntryPoint {
|
|||||||
/**
|
/**
|
||||||
* @param code
|
* @param code
|
||||||
*/
|
*/
|
||||||
private Map<String, Object> adapterException(String code) {
|
private Map<String, Object> adapterException(String code, HttpServletResponse response) {
|
||||||
if ("90403".equals(code)) {
|
switch (code) {
|
||||||
return accessDenidedException(code);
|
case "90403":
|
||||||
|
return accessDenidedException(code, response);
|
||||||
|
case "90500":
|
||||||
|
return remoteTimeoutException(code, response);
|
||||||
|
default:
|
||||||
|
return globalException(code, response);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ("90500".equals(code)) {
|
|
||||||
return remoteTimeoutException(code);
|
|
||||||
}
|
|
||||||
|
|
||||||
return globalException(code);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* token 失效异常
|
* token 已失效
|
||||||
*
|
*
|
||||||
* @param code
|
* @param code
|
||||||
* @return
|
* @return
|
||||||
*/
|
*/
|
||||||
private Map<String, Object> accessDenidedException(String code) {
|
private Map<String, Object> accessDenidedException(String code, HttpServletResponse response) {
|
||||||
|
response.setStatus(HttpStatus.UNAUTHORIZED.value());
|
||||||
|
|
||||||
Map<String, Object> map = new HashMap<>();
|
Map<String, Object> map = new HashMap<>();
|
||||||
map.put("code", code);
|
map.put("code", code);
|
||||||
map.put("success", "false");
|
|
||||||
map.put("message", "登录已超期");
|
map.put("message", "登录已超期");
|
||||||
|
|
||||||
return map;
|
return map;
|
||||||
@ -77,11 +78,12 @@ public class UserAuthenticationEntryPoint implements AuthenticationEntryPoint {
|
|||||||
* @param code
|
* @param code
|
||||||
* @return
|
* @return
|
||||||
*/
|
*/
|
||||||
private Map<String, Object> remoteTimeoutException(String code) {
|
private Map<String, Object> remoteTimeoutException(String code, HttpServletResponse response) {
|
||||||
|
response.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value());
|
||||||
|
|
||||||
Map<String, Object> map = new HashMap<>();
|
Map<String, Object> map = new HashMap<>();
|
||||||
map.put("code", code);
|
map.put("code", code);
|
||||||
map.put("success", "false");
|
map.put("message", "网络繁忙,请稍后再试");
|
||||||
map.put("message", "token验证失败");
|
|
||||||
|
|
||||||
return map;
|
return map;
|
||||||
}
|
}
|
||||||
@ -89,10 +91,11 @@ public class UserAuthenticationEntryPoint implements AuthenticationEntryPoint {
|
|||||||
/**
|
/**
|
||||||
* @return
|
* @return
|
||||||
*/
|
*/
|
||||||
private Map<String, Object> globalException(String code) {
|
private Map<String, Object> globalException(String code, HttpServletResponse response) {
|
||||||
|
response.setStatus(HttpStatus.UNAUTHORIZED.value());
|
||||||
|
|
||||||
Map<String, Object> map = new HashMap<>();
|
Map<String, Object> map = new HashMap<>();
|
||||||
map.put("code", 500);
|
map.put("code", -1);
|
||||||
map.put("success", "false");
|
|
||||||
map.put("message", code);
|
map.put("message", code);
|
||||||
|
|
||||||
return map;
|
return map;
|
||||||
|
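Review bot: `globalException` still sets `HttpStatus.UNAUTHORIZED` for every code other than 90403/90500, so the "其它返回500" part of the commit title is not what the new code does — only the 90500 branch answers 500, and the default branch answers 401 with `code` -1. For an `AuthenticationEntryPoint` 401 is the defensible default (it only runs for requests that failed authentication), so I would correct the title rather than the code; if 500 was really intended, change that line to `response.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value());`. Separately, `commence` reads the code via `request.getSession().getAttribute("code")`, which creates a new HttpSession (and issues a session cookie) on every unauthenticated request that reaches the entry point; for a token-based API prefer `HttpSession session = request.getSession(false); String code = session == null ? null : (String) session.getAttribute("code");` so anonymous traffic cannot flood session storage. `authException` remains unused, so the status returned depends entirely on whichever upstream filter populates that session attribute, which is outside this diff.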
@ -4,6 +4,7 @@ import org.springframework.cloud.openfeign.FeignClient;
|
|||||||
import org.springframework.web.bind.annotation.RequestMapping;
|
import org.springframework.web.bind.annotation.RequestMapping;
|
||||||
import org.springframework.web.bind.annotation.RequestMethod;
|
import org.springframework.web.bind.annotation.RequestMethod;
|
||||||
|
|
||||||
|
import com.chinaunicom.mall.ebtp.cloud.security.starter.config.FeignClientConfiguration;
|
||||||
import com.chinaunicom.mall.ebtp.cloud.security.starter.entity.SecurityUser;
|
import com.chinaunicom.mall.ebtp.cloud.security.starter.entity.SecurityUser;
|
||||||
import com.chinaunicom.mall.ebtp.cloud.security.starter.fallback.UserCenterClientFallback;
|
import com.chinaunicom.mall.ebtp.cloud.security.starter.fallback.UserCenterClientFallback;
|
||||||
|
|
||||||
@ -12,7 +13,7 @@ import com.chinaunicom.mall.ebtp.cloud.security.starter.fallback.UserCenterClien
|
|||||||
*
|
*
|
||||||
* @author Ajaxfan
|
* @author Ajaxfan
|
||||||
*/
|
*/
|
||||||
@FeignClient(name = "${mall-ebtp.userinfo.id}", fallback = UserCenterClientFallback.class)
|
@FeignClient(name = "${mall-ebtp.userinfo.id}", fallback = UserCenterClientFallback.class, configuration = FeignClientConfiguration.class)
|
||||||
public interface UserCenterClient {
|
public interface UserCenterClient {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
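Review bot: `FeignClientConfiguration`, attached here via `configuration = FeignClientConfiguration.class`, is itself annotated `@Configuration` in this commit; if its package `...security.starter.config` is covered by the starter's component scan, Spring Cloud OpenFeign picks its `ErrorDecoder` and `Logger.Level` beans up as the default for every Feign client in the application, not just `UserCenterClient`. Either drop `@Configuration` from that class or exclude it from the scan, and record the intent on this annotation, e.g. `// per-client Feign config: custom ErrorDecoder/retry for the user-center only (see FeignClientConfiguration)`. Be aware that with the decoder's current rule a 401/403 returned by the user-center is retried before the fallback's null reaches the caller.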
@ -0,0 +1,55 @@
|
|||||||
|
package com.chinaunicom.mall.ebtp.cloud.security.starter.config;
|
||||||
|
|
||||||
|
import static feign.FeignException.errorStatus;
|
||||||
|
|
||||||
|
import java.util.Calendar;
|
||||||
|
import java.util.Date;
|
||||||
|
import java.util.GregorianCalendar;
|
||||||
|
|
||||||
|
import org.springframework.context.annotation.Bean;
|
||||||
|
import org.springframework.context.annotation.Configuration;
|
||||||
|
|
||||||
|
import feign.FeignException;
|
||||||
|
import feign.Logger;
|
||||||
|
import feign.RetryableException;
|
||||||
|
import feign.codec.ErrorDecoder;
|
||||||
|
import lombok.extern.slf4j.Slf4j;
|
||||||
|
|
||||||
|
@Slf4j
|
||||||
|
@Configuration
|
||||||
|
public class FeignClientConfiguration {
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
public Logger.Level feignLoggerLevel() {
|
||||||
|
return Logger.Level.BASIC;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
public ErrorDecoder errorDecoder() {
|
||||||
|
return (methodKey, response) -> {
|
||||||
|
FeignException exception = errorStatus(methodKey, response);
|
||||||
|
|
||||||
|
log.error("error message: {}", exception.getMessage());
|
||||||
|
|
||||||
|
int status = response.status();
|
||||||
|
|
||||||
|
if (status >= 400 && status <= 500) {// 客户端异常,启用feign的重试机制
|
||||||
|
return new RetryableException(response.status(), exception.getMessage(),
|
||||||
|
response.request().httpMethod(), exception, retryAfter(), response.request());
|
||||||
|
}
|
||||||
|
return exception;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 延迟 n 秒后重试
|
||||||
|
*
|
||||||
|
* @return
|
||||||
|
*/
|
||||||
|
private Date retryAfter() {
|
||||||
|
Calendar cal = GregorianCalendar.getInstance();
|
||||||
|
|
||||||
|
return cal.getTime();
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
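Review bot: the decoder's `if (status >= 400 && status <= 500)` turns every 4xx (and 500) into a `RetryableException`, but 400/401/403/404 are deterministic failures — retrying an expired or forbidden token just repeats the same rejected call against the user-center and delays the caller's 401 by the whole retry budget; restrict retries to transient statuses, e.g. `if (status == 429 || status == 502 || status == 503 || status == 504)`, or at minimum exclude 401 and 403. `retryAfter()` returns the current time, so despite its Javadoc ("延迟 n 秒后重试") there is no delay between attempts; add `cal.add(Calendar.SECOND, RETRY_DELAY_SECONDS);` before `return cal.getTime();` (or pass `null` and let the configured `Retryer` decide). `log.error("error message: {}", exception.getMessage())` logs at ERROR for every non-2xx response, and in Feign versions where `FeignException`'s message embeds the response body this can copy user-center payloads into the logs; log `status` and `methodKey` at WARN and keep the body at DEBUG. `Calendar`/`Date` are only here because `RetryableException` takes a `Date`; `Date.from(Instant.now().plusSeconds(n))` says the same thing without the mutable `Calendar`.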
@ -5,11 +5,15 @@ import org.springframework.stereotype.Component;
|
|||||||
import com.chinaunicom.mall.ebtp.cloud.security.starter.client.UserCenterClient;
|
import com.chinaunicom.mall.ebtp.cloud.security.starter.client.UserCenterClient;
|
||||||
import com.chinaunicom.mall.ebtp.cloud.security.starter.entity.SecurityUser;
|
import com.chinaunicom.mall.ebtp.cloud.security.starter.entity.SecurityUser;
|
||||||
|
|
||||||
|
import lombok.extern.slf4j.Slf4j;
|
||||||
|
|
||||||
|
@Slf4j
|
||||||
@Component
|
@Component
|
||||||
public class UserCenterClientFallback implements UserCenterClient {
|
public class UserCenterClientFallback implements UserCenterClient {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public SecurityUser getUserInfo() {
|
public SecurityUser getUserInfo() {
|
||||||
|
log.info("remote access timeout.");
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
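Review bot: the new `log.info("remote access timeout.")` in `getUserInfo` fires for every reason the fallback is invoked — circuit open, decode error, any non-retryable `FeignException` — not only a timeout, and it drops the cause entirely, so an operator cannot distinguish a user-center outage from a 401 the user-center returned. Switch `@FeignClient` to `fallbackFactory` with a `FallbackFactory<UserCenterClient>` so the `Throwable` is available and log it, e.g. `log.warn("user-center getUserInfo failed, returning null user", cause);`, or at least reword the message to `"user-center call failed; falling back to null user"`. Returning `null` here presumably feeds the 90500 branch of the entry point; that mapping is outside this diff.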
@ -1,3 +1,3 @@
|
|||||||
user.auth.csrf.disable=true
|
user.auth.csrf.disable=true
|
||||||
|
|
||||||
mall-ebtp.userinfo.id=core-service-ebtp-userinfo
|
mall-ebtp.userinfo.id=core-service-ebtp-userinfo
|
||||||
|