package cn.mb.cloud.auth.security.component;
|
|
import cn.mb.cloud.auth.security.exception.*;
|
import lombok.extern.slf4j.Slf4j;
|
import org.springframework.http.HttpHeaders;
|
import org.springframework.http.HttpStatus;
|
import org.springframework.http.ResponseEntity;
|
import org.springframework.security.access.AccessDeniedException;
|
import org.springframework.security.core.AuthenticationException;
|
import org.springframework.security.oauth2.common.DefaultThrowableAnalyzer;
|
import org.springframework.security.oauth2.common.exceptions.ClientAuthenticationException;
|
import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
|
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
|
import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
|
import org.springframework.security.web.util.ThrowableAnalyzer;
|
import org.springframework.web.HttpRequestMethodNotSupportedException;
|
|
/**
|
* @author jason
|
* 异常处理,重写oauth 默认实现
|
*/
|
@Slf4j
|
public class MbCloudWebResponseExceptionTranslator implements WebResponseExceptionTranslator {
|
|
private ThrowableAnalyzer throwableAnalyzer = new DefaultThrowableAnalyzer();
|
|
@Override
|
public ResponseEntity<OAuth2Exception> translate(Exception e) throws Exception {
|
log.error("服务异常", e);
|
// Try to extract a SpringSecurityException from the stacktrace
|
Throwable[] causeChain = throwableAnalyzer.determineCauseChain(e);
|
|
Exception ase = (AuthenticationException) throwableAnalyzer.getFirstThrowableOfType(AuthenticationException.class,
|
causeChain);
|
if (ase != null) {
|
return handleOAuth2Exception(new UnauthorizedException(e.getMessage(), e));
|
}
|
|
ase = (AccessDeniedException) throwableAnalyzer
|
.getFirstThrowableOfType(AccessDeniedException.class, causeChain);
|
if (ase != null) {
|
return handleOAuth2Exception(new ForbiddenException(ase.getMessage(), ase));
|
}
|
|
ase = (InvalidGrantException) throwableAnalyzer
|
.getFirstThrowableOfType(InvalidGrantException.class, causeChain);
|
if (ase != null) {
|
// return handleOAuth2Exception(new InvalidException(ase.getMessage(), ase));
|
return handleOAuth2Exception(new InvalidException("用户名不存在或者密码错误", ase));
|
}
|
|
ase = (HttpRequestMethodNotSupportedException) throwableAnalyzer
|
.getFirstThrowableOfType(HttpRequestMethodNotSupportedException.class, causeChain);
|
if (ase != null) {
|
return handleOAuth2Exception(new MethodNotAllowedException(ase.getMessage(), ase));
|
}
|
|
ase = (OAuth2Exception) throwableAnalyzer.getFirstThrowableOfType(
|
OAuth2Exception.class, causeChain);
|
|
if (ase != null) {
|
return handleOAuth2Exception((OAuth2Exception) ase);
|
}
|
|
return handleOAuth2Exception(new ServerErrorException(HttpStatus.INTERNAL_SERVER_ERROR.getReasonPhrase(), e));
|
|
}
|
|
private ResponseEntity<OAuth2Exception> handleOAuth2Exception(OAuth2Exception e) {
|
|
// int status = e.getHttpErrorCode();
|
int status = HttpStatus.OK.value();
|
HttpHeaders headers = new HttpHeaders();
|
headers.set(HttpHeaders.CACHE_CONTROL, "no-store");
|
headers.set(HttpHeaders.PRAGMA, "no-cache");
|
|
|
// 客户端异常直接返回客户端,不然无法解析
|
if (e instanceof ClientAuthenticationException) {
|
return new ResponseEntity<>(e, headers,
|
HttpStatus.valueOf(status));
|
}
|
return new ResponseEntity<>(new MbCloudAuth2Exception(e.getMessage(), e.getOAuth2ErrorCode()), headers,
|
HttpStatus.valueOf(status));
|
|
}
|
}
|
