
Merge branch 'master' of http://git.dayaedu.com/yonge/edu-saas

zouxuan 5 роки тому
батько
коміт
02c91ef91b

+ 1 - 0
edu-auth/edu-auth-server/src/main/java/com/keao/edu/auth/core/handler/BaseAuthenticationFailureEvenHandler.java

@@ -32,6 +32,7 @@ public class BaseAuthenticationFailureEvenHandler extends ExceptionMappingAuthen
         String message = exception.getLocalizedMessage();
         if (message.equals("Bad credentials")) {
             message = "用户名或密码错误";
+        	resultCode = 99;
         }else if(message.equals("User is disabled")){
             message = "账户被锁定";
         }else if(message.equals("404.9")){
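Review bot: The added `resultCode = 99;` only takes effect when `exception.getLocalizedMessage()` equals the English literal "Bad credentials", so if the message source is localized or the wording changes, the branch is skipped silently and the code is never set. Checking the exception type instead, e.g. `if (exception instanceof BadCredentialsException) {`, would make the mapping stable; `message` may also be null for some exceptions, which `"Bad credentials".equals(message)` would tolerate and the current call does not. The literal 99 should be a named constant with a comment such as `// login failed: wrong username or password`, and the new line is indented with a tab where the surrounding lines use spaces. The method body starts and ends outside this hunk.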

+ 13 - 1
edu-common/src/main/java/com/keao/edu/common/security/BaseAccessDeniedHandler.java

@@ -2,17 +2,21 @@ package com.keao.edu.common.security;
 
 import com.keao.edu.common.constant.CommonConstants;
 import com.keao.edu.common.entity.HttpResponseResult;
+
 import org.apache.commons.lang3.exception.ExceptionUtils;
 import org.codehaus.jackson.map.ObjectMapper;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.http.MediaType;
 import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.authentication.InsufficientAuthenticationException;
+import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
 import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler;
 import org.springframework.stereotype.Component;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+
 import java.io.IOException;
 import java.io.PrintWriter;
 
@@ -35,8 +39,16 @@ public class BaseAccessDeniedHandler extends OAuth2AccessDeniedHandler {
 		if (e == null) {
 			e = authException;
 		}
+		
+		int errorCode = 500;
+		if (e instanceof InvalidTokenException) {
+			errorCode = HttpServletResponse.SC_UNAUTHORIZED;
+		}
+		if (e instanceof InsufficientAuthenticationException) {
+			errorCode = HttpServletResponse.SC_FORBIDDEN;
+		}
 
-		HttpResponseResult result = new HttpResponseResult(false, HttpServletResponse.SC_FORBIDDEN, null, e.getMessage());
+		HttpResponseResult<Object> result = new HttpResponseResult<Object>(false, errorCode, null, e.getMessage());
 
 		ObjectMapper objectMapper = new ObjectMapper();
 
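Review bot: With `int errorCode = 500;` as the default, any exception that is neither an `InvalidTokenException` nor an `InsufficientAuthenticationException` is now reported with code 500 instead of the 403 the removed line always used. That would include an ordinary `AccessDeniedException`, the case this handler exists for. An authorization denial surfaced as a server error misleads clients and alerting; keeping the previous value as the default, `int errorCode = HttpServletResponse.SC_FORBIDDEN;`, preserves the old behaviour and lets the two `instanceof` checks override it (the second could be an `else if`). The same two-branch mapping is repeated in BaseAuthenticationEntryPoint in this commit, so a shared helper would keep the two from drifting, and `e.getMessage()` is still written into the response body, where a fixed per-code message would be safer if those messages can carry internal detail. The handler body starts and ends outside the hunk, so whether the HTTP status itself is also set from `errorCode` is not visible here.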

+ 4 - 1
edu-common/src/main/java/com/keao/edu/common/security/BaseAuthenticationEntryPoint.java

@@ -33,7 +33,10 @@ public class BaseAuthenticationEntryPoint implements AuthenticationEntryPoint {
 		}
 
 		int errorCode = 500;
-		if (e instanceof InvalidTokenException || e instanceof InsufficientAuthenticationException) {
+		if (e instanceof InvalidTokenException) {
+			errorCode = HttpServletResponse.SC_UNAUTHORIZED;
+		}
+		if (e instanceof InsufficientAuthenticationException) {
 			errorCode = HttpServletResponse.SC_FORBIDDEN;
 		}