yonge před 5 roky
rodič
revize
95740a86a6
18 změnil soubory, kde provedl 113 přidání a 70 odebrání
  1. 8 2
      cms/src/main/java/com/ym/mec/cms/config/ResourceServerConfig.java
  2. 0 12
      mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/config/constant/SecurityConstants.java
  3. 1 1
      mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/filter/PhoneLoginAuthenticationFilter.java
  4. 1 1
      mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/filter/UsernameAuthenticationFilter.java
  5. 10 9
      mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/handler/AuthenticationFailureListener.java
  6. 1 2
      mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/handler/BaseAuthenticationSuccessEventHandler.java
  7. 1 1
      mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/provider/PhoneAuthenticationProvider.java
  8. 2 2
      mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/provider/service/DefaultUserDetailsService.java
  9. 19 10
      mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/web/controller/RoleController.java
  10. 1 1
      mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/web/controller/SmsCodeController.java
  11. 19 9
      mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/web/controller/UserController.java
  12. 8 1
      mec-common/common-core/src/main/java/com/ym/mec/common/security/PermissionCheckService.java
  13. 16 14
      mec-education/src/main/java/com/ym/mec/education/config/ResourceServerConfig.java
  14. 11 1
      mec-student/src/main/java/com/ym/mec/student/config/ResourceServerConfig.java
  15. 4 1
      mec-task/src/main/java/com/ym/mec/task/config/ResourceServerConfig.java
  16. 4 1
      mec-teacher/src/main/java/com/ym/mec/teacher/config/ResourceServerConfig.java
  17. 3 1
      mec-web/src/main/java/com/ym/mec/web/config/ResourceServerConfig.java
  18. 4 1
      mec-workflow/src/main/java/com/ym/mec/workfow/config/ResourceServerConfig.java

+ 8 - 2
cms/src/main/java/com/ym/mec/cms/config/ResourceServerConfig.java

@@ -2,6 +2,7 @@ package com.ym.mec.cms.config;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
 import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
@@ -12,6 +13,7 @@ import com.ym.mec.common.security.BaseAuthenticationEntryPoint;
 
 @Configuration
 @EnableResourceServer
+@EnableGlobalMethodSecurity(prePostEnabled = true)
 public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
 
 	@Autowired
@@ -22,10 +24,14 @@ public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
 
 	@Override
 	public void configure(HttpSecurity http) throws Exception {
-		http.authorizeRequests().antMatchers("/v2/api-docs", "/news/list", "/news/query/*").permitAll()// 任何人不登录都可以获取的资源
+		http.authorizeRequests()
+				.antMatchers("/v2/api-docs", "/news/list", "/news/query/*")
+				.permitAll()
+				// 任何人不登录都可以获取的资源
 				// .antMatchers("/ipController/**").hasIpAddress("127.0.0.1") //特定ip可以不登录获取资源
 				// .antMatchers("/ipControll/**").access("isAuthenticated() and hasIpAddress('127.0.0.1')")// 特定ip必须登录才能获取
-				.anyRequest().authenticated().and().csrf().disable();
+				.anyRequest().authenticated().and().csrf().disable().exceptionHandling().accessDeniedHandler(baseAccessDeniedHandler)
+				.authenticationEntryPoint(baseAuthenticationEntryPoint).and();
 	}
 
 	@Override
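Review bot: The chain in `configure(HttpSecurity)` now ends in a dangling `.and();` after `.authenticationEntryPoint(baseAuthenticationEntryPoint)`; the builder it returns is discarded, so the call does nothing and reads as if a clause were missing. I would end the statement at `.authenticationEntryPoint(baseAuthenticationEntryPoint);`. The same trailing `.and()` appears in the mec-task and mec-workflow `ResourceServerConfig` hunks of this commit. The relocated comment `// 任何人不登录都可以获取的资源` now sits after `.permitAll()`, directly above the commented-out matchers, so it would be clearer on the line above `.antMatchers("/v2/api-docs", "/news/list", "/news/query/*")`.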

+ 0 - 12
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/config/constant/SecurityConstants.java

@@ -1,12 +0,0 @@
-package com.ym.mec.auth.config.constant;
-
-public interface SecurityConstants {
-
-	public static final String USERNAME_PRINCIPAL_PREFIX = "username:";
-
-	public static final String PHONE_PRINCIPAL_PREFIX = "phone:";
-
-	String PARAM_VERIFY_EXCEPTION = "参数校验异常";
-
-	String VERIFY_FAILURE = "校验失败";
-}

+ 1 - 1
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/filter/PhoneLoginAuthenticationFilter.java

@@ -19,9 +19,9 @@ import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 
 import com.ym.mec.auth.api.dto.SysUserInfo;
 import com.ym.mec.auth.api.enums.SysUserType;
-import com.ym.mec.auth.config.constant.SecurityConstants;
 import com.ym.mec.auth.config.token.PhoneAuthenticationToken;
 import com.ym.mec.auth.service.SysUserService;
+import com.ym.mec.common.security.SecurityConstants;
 
 public class PhoneLoginAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
 

+ 1 - 1
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/filter/UsernameAuthenticationFilter.java

@@ -20,8 +20,8 @@ import org.springframework.util.Assert;
 
 import com.ym.mec.auth.api.dto.SysUserInfo;
 import com.ym.mec.auth.api.enums.SysUserType;
-import com.ym.mec.auth.config.constant.SecurityConstants;
 import com.ym.mec.auth.service.SysUserService;
+import com.ym.mec.common.security.SecurityConstants;
 
 public class UsernameAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
 

+ 10 - 9
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/handler/AuthenticationFailureListener.java

@@ -1,12 +1,8 @@
 package com.ym.mec.auth.core.handler;
 
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.ym.mec.auth.api.entity.SysUser;
-import com.ym.mec.auth.api.entity.SysUserLogin;
-import com.ym.mec.auth.api.enums.UserLockFlag;
-import com.ym.mec.auth.config.constant.SecurityConstants;
-import com.ym.mec.auth.service.SysUserLoginService;
-import com.ym.mec.auth.service.SysUserService;
+import java.util.Date;
+import java.util.HashMap;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -15,8 +11,13 @@ import org.springframework.security.authentication.event.AuthenticationFailureBa
 import org.springframework.security.core.Authentication;
 import org.springframework.stereotype.Component;
 
-import java.util.Date;
-import java.util.HashMap;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.ym.mec.auth.api.entity.SysUser;
+import com.ym.mec.auth.api.entity.SysUserLogin;
+import com.ym.mec.auth.api.enums.UserLockFlag;
+import com.ym.mec.auth.service.SysUserLoginService;
+import com.ym.mec.auth.service.SysUserService;
+import com.ym.mec.common.security.SecurityConstants;
 
 @Component
 public class AuthenticationFailureListener implements ApplicationListener<AuthenticationFailureBadCredentialsEvent> {

+ 1 - 2
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/handler/BaseAuthenticationSuccessEventHandler.java

@@ -19,7 +19,6 @@ import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
 import org.springframework.security.oauth2.common.OAuth2AccessToken;
 import org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException;
 import org.springframework.security.oauth2.provider.ClientDetails;
@@ -35,11 +34,11 @@ import com.fasterxml.jackson.databind.ObjectMapper;
 import com.ym.mec.auth.api.entity.SysUser;
 import com.ym.mec.auth.api.entity.SysUserLogin;
 import com.ym.mec.auth.api.entity.SysUserLoginLog;
-import com.ym.mec.auth.config.constant.SecurityConstants;
 import com.ym.mec.auth.service.SysUserLoginLogService;
 import com.ym.mec.auth.service.SysUserLoginService;
 import com.ym.mec.auth.service.SysUserService;
 import com.ym.mec.common.entity.HttpResponseResult;
+import com.ym.mec.common.security.SecurityConstants;
 
 @Component
 public class BaseAuthenticationSuccessEventHandler extends SavedRequestAwareAuthenticationSuccessHandler {

+ 1 - 1
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/provider/PhoneAuthenticationProvider.java

@@ -9,8 +9,8 @@ import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 
-import com.ym.mec.auth.config.constant.SecurityConstants;
 import com.ym.mec.auth.config.token.PhoneAuthenticationToken;
+import com.ym.mec.common.security.SecurityConstants;
 import com.ym.mec.common.validcode.SmsCodeService;
 
 public class PhoneAuthenticationProvider extends AbstractAuthenticationProvider {

+ 2 - 2
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/provider/service/DefaultUserDetailsService.java

@@ -3,7 +3,6 @@ package com.ym.mec.auth.core.provider.service;
 import java.util.ArrayList;
 import java.util.List;
 
-import com.ym.mec.auth.api.enums.UserLockFlag;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.authentication.LockedException;
@@ -19,9 +18,10 @@ import org.springframework.stereotype.Service;
 import com.ym.mec.auth.api.dto.SysUserInfo;
 import com.ym.mec.auth.api.entity.SysUser;
 import com.ym.mec.auth.api.enums.SysUserType;
-import com.ym.mec.auth.config.constant.SecurityConstants;
+import com.ym.mec.auth.api.enums.UserLockFlag;
 import com.ym.mec.auth.service.SysUserService;
 import com.ym.mec.common.security.AuthUser;
+import com.ym.mec.common.security.SecurityConstants;
 
 @Service
 public class DefaultUserDetailsService implements UserDetailsService {

+ 19 - 10
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/web/controller/RoleController.java

@@ -1,22 +1,31 @@
 package com.ym.mec.auth.web.controller;
 
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiImplicitParam;
+import io.swagger.annotations.ApiImplicitParams;
+import io.swagger.annotations.ApiOperation;
+import io.swagger.annotations.ApiParam;
+
+import java.util.Date;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.MediaType;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
 import com.ym.mec.auth.api.entity.SysRole;
-import com.ym.mec.auth.config.constant.SecurityConstants;
 import com.ym.mec.auth.service.SysMenuService;
 import com.ym.mec.auth.service.SysRoleMenuService;
 import com.ym.mec.auth.service.SysRoleService;
 import com.ym.mec.auth.service.SysUserRoleService;
 import com.ym.mec.common.controller.BaseController;
 import com.ym.mec.common.page.QueryInfo;
-
-import io.swagger.annotations.*;
-
-import org.apache.commons.lang3.StringUtils;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.http.MediaType;
-import org.springframework.web.bind.annotation.*;
-
-import java.util.Date;
+import com.ym.mec.common.security.SecurityConstants;
 
 @RestController()
 @RequestMapping("role")

+ 1 - 1
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/web/controller/SmsCodeController.java

@@ -24,8 +24,8 @@ import org.springframework.web.bind.annotation.RestController;
 import com.google.code.kaptcha.Constants;
 import com.google.code.kaptcha.Producer;
 import com.google.code.kaptcha.servlet.KaptchaServlet;
-import com.ym.mec.auth.config.constant.SecurityConstants;
 import com.ym.mec.common.controller.BaseController;
+import com.ym.mec.common.security.SecurityConstants;
 import com.ym.mec.common.validcode.SmsCodeService;
 
 @RestController

+ 19 - 9
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/web/controller/UserController.java

@@ -1,23 +1,33 @@
 package com.ym.mec.auth.web.controller;
 
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiImplicitParam;
+import io.swagger.annotations.ApiImplicitParams;
+import io.swagger.annotations.ApiOperation;
+
+import java.util.Date;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.MediaType;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
 import com.ym.mec.auth.api.entity.SysUser;
-import com.ym.mec.auth.config.constant.SecurityConstants;
 import com.ym.mec.auth.service.SysRoleService;
 import com.ym.mec.auth.service.SysUserRoleService;
 import com.ym.mec.auth.service.SysUserService;
 import com.ym.mec.auth.web.controller.queryInfo.SysUserQueryInfo;
 import com.ym.mec.common.controller.BaseController;
 import com.ym.mec.common.security.AuthUser;
+import com.ym.mec.common.security.SecurityConstants;
 import com.ym.mec.common.security.SecurityUtils;
 import com.ym.mec.common.validcode.SmsCodeService;
-import io.swagger.annotations.*;
-import org.apache.commons.lang3.StringUtils;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.http.MediaType;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.web.bind.annotation.*;
-
-import java.util.Date;
 
 @RestController()
 @RequestMapping("user")

+ 8 - 1
mec-common/common-core/src/main/java/com/ym/mec/common/security/PermissionCheckService.java

@@ -5,7 +5,6 @@ import java.util.Collection;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Component;
 
 @Component("pcs")
@@ -17,6 +16,14 @@ public class PermissionCheckService {
 			return false;
 		}
 
+		String username = authentication.getName();
+
+		if (StringUtils.startsWith(username, SecurityConstants.USERNAME_PRINCIPAL_PREFIX)) {
+			if ("admin".equals(StringUtils.removeStart(username, SecurityConstants.USERNAME_PRINCIPAL_PREFIX))) {
+				return true;
+			}
+		}
+
 		Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
 
 		for (String perm : permissions) {
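Review bot: The added block returns `true` for any principal named `username:admin` before the authorities loop runs, so every permission check is bypassed on the strength of a hard-coded login name rather than a granted authority. That privilege cannot be revoked or audited through role management, and it is only safe if no other account can ever obtain the name `admin` under the username prefix; the registration and rename paths are not visible here and should be checked. I would give the administrator account a dedicated authority and let the existing loop over `authorities` decide, or at minimum add a comment such as `// super-admin bypass: skips all permission checks; keep in sync with account provisioning`. If the name check stays, the nested `if` can be one condition: `if ((SecurityConstants.USERNAME_PRINCIPAL_PREFIX + "admin").equals(username)) { return true; }`. The method starts and ends outside the hunk.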

+ 16 - 14
mec-education/src/main/java/com/ym/mec/education/config/ResourceServerConfig.java

@@ -2,33 +2,35 @@ package com.ym.mec.education.config;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
 import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
 import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
+
 import com.ym.mec.common.security.BaseAccessDeniedHandler;
 import com.ym.mec.common.security.BaseAuthenticationEntryPoint;
 
 @Configuration
 @EnableResourceServer
+@EnableGlobalMethodSecurity(prePostEnabled = true)
 public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
 
-    @Autowired
-    private BaseAccessDeniedHandler baseAccessDeniedHandler;
+	@Autowired
+	private BaseAccessDeniedHandler baseAccessDeniedHandler;
 
-    @Autowired
-    private BaseAuthenticationEntryPoint baseAuthenticationEntryPoint;
+	@Autowired
+	private BaseAuthenticationEntryPoint baseAuthenticationEntryPoint;
 
-    @Override
-    public void configure(HttpSecurity http) throws Exception {
-        http.csrf().disable().authorizeRequests().antMatchers("/v2/api-docs").permitAll()
-                .antMatchers("/api/**").permitAll()
-                .anyRequest().authenticated().and().httpBasic();
-    }
+	@Override
+	public void configure(HttpSecurity http) throws Exception {
+		http.csrf().disable().exceptionHandling().accessDeniedHandler(baseAccessDeniedHandler).authenticationEntryPoint(baseAuthenticationEntryPoint).and()
+				.authorizeRequests().antMatchers("/v2/api-docs").permitAll().antMatchers("/api/**").permitAll().anyRequest().authenticated().and().httpBasic();
+	}
 
-    @Override
-    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
-        resources.authenticationEntryPoint(baseAuthenticationEntryPoint).accessDeniedHandler(baseAccessDeniedHandler);
-    }
+	@Override
+	public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
+		resources.authenticationEntryPoint(baseAuthenticationEntryPoint).accessDeniedHandler(baseAccessDeniedHandler);
+	}
 
 }
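Review bot: The rewritten chain in `configure(HttpSecurity)` still has `.antMatchers("/api/**").permitAll()`, so every route under `/api/` skips URL-level authentication and the `@EnableGlobalMethodSecurity(prePostEnabled = true)` added above is the only remaining gate for those handlers. Any handler under `/api/` without a `@PreAuthorize` (or equivalent) annotation stays reachable anonymously; the controllers are not part of this diff, so that needs checking. If only a few routes must be public, list them explicitly instead of the wildcard, and add a comment above the matcher naming who is expected to call `/api/**` without a token. The statement would also be easier to review split one call per line, as the mec-student config does in this commit.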

+ 11 - 1
mec-student/src/main/java/com/ym/mec/student/config/ResourceServerConfig.java

@@ -2,6 +2,7 @@ package com.ym.mec.student.config;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
 import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
@@ -12,6 +13,7 @@ import com.ym.mec.common.security.BaseAuthenticationEntryPoint;
 
 @Configuration
 @EnableResourceServer
+@EnableGlobalMethodSecurity(prePostEnabled = true)
 public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
 
 	@Autowired
@@ -22,7 +24,15 @@ public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
 
 	@Override
 	public void configure(HttpSecurity http) throws Exception {
-		http.csrf().disable().authorizeRequests().antMatchers("/v2/api-docs", "/register/getMusicGroupRegInfo", "/register/add","musicGroup/getSubjectGoodsAndInfo","/musicGroup/test","/studentOrder/notify").permitAll().anyRequest().authenticated().and().httpBasic();
+		http.csrf()
+				.disable()
+				.exceptionHandling()
+				.accessDeniedHandler(baseAccessDeniedHandler)
+				.authenticationEntryPoint(baseAuthenticationEntryPoint)
+				.and()
+				.authorizeRequests()
+				.antMatchers("/v2/api-docs", "/register/getMusicGroupRegInfo", "/register/add", "musicGroup/getSubjectGoodsAndInfo", "/musicGroup/test",
+						"/studentOrder/notify").permitAll().anyRequest().authenticated().and().httpBasic();
 	}
 
 	@Override
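Review bot: In the reformatted `antMatchers(...)` list the pattern `"musicGroup/getSubjectGoodsAndInfo"` has no leading slash, unlike its neighbours; the ant matcher compares against a request path that begins with `/`, so this entry most likely never matches and the route falls through to `.anyRequest().authenticated()`. If it is meant to be public, write `"/musicGroup/getSubjectGoodsAndInfo"`; if not, remove it from the list. `"/musicGroup/test"` is also left open to anonymous callers and looks like a test route that should not stay in the permit list. `"/studentOrder/notify"` is reachable without authentication as well, so its handler (not visible here) should verify the sender's signature before acting on the payload.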

+ 4 - 1
mec-task/src/main/java/com/ym/mec/task/config/ResourceServerConfig.java

@@ -2,6 +2,7 @@ package com.ym.mec.task.config;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
 import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
@@ -12,6 +13,7 @@ import com.ym.mec.common.security.BaseAuthenticationEntryPoint;
 
 @Configuration
 @EnableResourceServer
+@EnableGlobalMethodSecurity(prePostEnabled = true)
 public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
 
 	@Autowired
@@ -22,7 +24,8 @@ public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
 
 	@Override
 	public void configure(HttpSecurity http) throws Exception {
-		http.authorizeRequests().antMatchers("/v2/api-docs").permitAll().anyRequest().authenticated().and().csrf().disable();
+		http.authorizeRequests().antMatchers("/v2/api-docs").permitAll().anyRequest().authenticated().and().csrf().disable().exceptionHandling()
+				.accessDeniedHandler(baseAccessDeniedHandler).authenticationEntryPoint(baseAuthenticationEntryPoint).and();
 	}
 
 	@Override

+ 4 - 1
mec-teacher/src/main/java/com/ym/mec/teacher/config/ResourceServerConfig.java

@@ -2,6 +2,7 @@ package com.ym.mec.teacher.config;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
 import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
@@ -12,6 +13,7 @@ import com.ym.mec.common.security.BaseAuthenticationEntryPoint;
 
 @Configuration
 @EnableResourceServer
+@EnableGlobalMethodSecurity(prePostEnabled = true)
 public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
 
 	@Autowired
@@ -22,7 +24,8 @@ public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
 
 	@Override
 	public void configure(HttpSecurity http) throws Exception {
-		http.csrf().disable().authorizeRequests().antMatchers("/v2/api-docs").permitAll().anyRequest().authenticated().and().httpBasic();
+		http.csrf().disable().exceptionHandling().accessDeniedHandler(baseAccessDeniedHandler).authenticationEntryPoint(baseAuthenticationEntryPoint).and()
+				.authorizeRequests().antMatchers("/v2/api-docs").permitAll().anyRequest().authenticated().and().httpBasic();
 	}
 
 	@Override

+ 3 - 1
mec-web/src/main/java/com/ym/mec/web/config/ResourceServerConfig.java

@@ -2,6 +2,7 @@ package com.ym.mec.web.config;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
 import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
@@ -12,6 +13,7 @@ import com.ym.mec.common.security.BaseAuthenticationEntryPoint;
 
 @Configuration
 @EnableResourceServer
+@EnableGlobalMethodSecurity(prePostEnabled = true)
 public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
 
 	@Autowired
@@ -22,7 +24,7 @@ public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
 
 	@Override
 	public void configure(HttpSecurity http) throws Exception {
-		http.csrf().disable().authorizeRequests().antMatchers("/v2/api-docs","/classGroup/findMusicGroupClassTeacherSalary","/classGroup/findMusicGroupClassTeacher","/teacher/findTeachers").permitAll().anyRequest().authenticated().and().httpBasic();
+		http.csrf().disable().exceptionHandling().accessDeniedHandler(baseAccessDeniedHandler).authenticationEntryPoint(baseAuthenticationEntryPoint).and().authorizeRequests().antMatchers("/v2/api-docs").permitAll().anyRequest().authenticated().and().httpBasic();
 	}
 
 	@Override
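Review bot: The new `configure(HttpSecurity)` body is a single statement of roughly 250 characters, which makes the security-relevant part hard to see: `/classGroup/findMusicGroupClassTeacherSalary`, `/classGroup/findMusicGroupClassTeacher` and `/teacher/findTeachers` are no longer in the `permitAll()` list. Breaking the chain one call per line, as the mec-student config does in this commit, would make that tightening visible in the diff. Any caller that reached those three routes without a token (for example another service) will now get the entry point's response instead, so it is worth confirming none exists.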

+ 4 - 1
mec-workflow/src/main/java/com/ym/mec/workfow/config/ResourceServerConfig.java

@@ -2,6 +2,7 @@ package com.ym.mec.workfow.config;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
 import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
@@ -12,6 +13,7 @@ import com.ym.mec.common.security.BaseAuthenticationEntryPoint;
 
 @Configuration
 @EnableResourceServer
+@EnableGlobalMethodSecurity(prePostEnabled = true)
 public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
 
 	@Autowired
@@ -25,7 +27,8 @@ public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
 		http.authorizeRequests().antMatchers("/v2/api-docs", "/news/list", "/news/query/*").permitAll()// 任何人不登录都可以获取的资源
 				// .antMatchers("/ipController/**").hasIpAddress("127.0.0.1") //特定ip可以不登录获取资源
 				// .antMatchers("/ipControll/**").access("isAuthenticated() and hasIpAddress('127.0.0.1')")// 特定ip必须登录才能获取
-				.anyRequest().authenticated().and().csrf().disable();
+				.anyRequest().authenticated().and().csrf().disable()
+				.exceptionHandling().accessDeniedHandler(baseAccessDeniedHandler).authenticationEntryPoint(baseAuthenticationEntryPoint).and();
 	}
 
 	@Override