org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler Java Examples

The following examples show how to use org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: SecurityHandlerConfig.java    From open-capacity-platform with Apache License 2.0 6 votes vote down vote up
/**
* 处理spring security oauth 处理失败返回消息格式
* resp_code
* resp_desc
*/
  @Bean
  public OAuth2AccessDeniedHandler oAuth2AccessDeniedHandler(){
  	return new OAuth2AccessDeniedHandler(){
  	    
  	    @Override
  	    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException authException) throws IOException, ServletException {

  	    	Map<String ,String > rsp =new HashMap<>();  
  	    	response.setContentType("application/json;charset=UTF-8");

  	        response.setStatus(HttpStatus.UNAUTHORIZED.value() );
		
		rsp.put("resp_code", HttpStatus.UNAUTHORIZED.value() + "") ;
              rsp.put("resp_msg", authException.getMessage()) ;
              
              response.setContentType("application/json;charset=UTF-8");
  			response.getWriter().write(objectMapper.writeValueAsString(rsp));
  			response.getWriter().flush();
  			response.getWriter().close();
  	        
  	    }
  	};
  }
 
Example #2
Source File: ResourceServerConfiguration.java    From openapi-generator with Apache License 2.0 6 votes vote down vote up
@Override
public void configure(HttpSecurity http) throws Exception {
//configure security for the http methods
    http.
    anonymous().disable()
    .requestMatchers().antMatchers(HttpMethod.GET, "/pet/**")
    .and().authorizeRequests()
    .antMatchers(HttpMethod.GET, "/pet/**").access("hasRole('ADMIN')")
    .and().exceptionHandling().accessDeniedHandler(new OAuth2AccessDeniedHandler());
    http.
    anonymous().disable()
    .requestMatchers().antMatchers(HttpMethod.GET, "/store/**")
    .and().authorizeRequests()
    .antMatchers(HttpMethod.GET, "/store/**").access("hasRole('ADMIN')")
    .and().exceptionHandling().accessDeniedHandler(new OAuth2AccessDeniedHandler());
    http.
    anonymous().disable()
    .requestMatchers().antMatchers(HttpMethod.GET, "/user/**")
    .and().authorizeRequests()
    .antMatchers(HttpMethod.GET, "/user/**").access("hasRole('ADMIN')")
    .and().exceptionHandling().accessDeniedHandler(new OAuth2AccessDeniedHandler());
}
 
Example #3
Source File: ResourceServerOAuth2Config.java    From Building-Web-Apps-with-Spring-5-and-Angular with MIT License 6 votes vote down vote up
@Override
 public void configure(final HttpSecurity http) throws Exception {
 	http
 		.requestMatchers().antMatchers("/doctor/**", "/rx/**", "/account/**")
 		.and()
 		.authorizeRequests()
 		.antMatchers(HttpMethod.GET,"/doctor/**").access("#oauth2.hasScope('doctor') and #oauth2.hasScope('read')")
.antMatchers(HttpMethod.POST,"/doctor/**").access("#oauth2.hasScope('doctor') and #oauth2.hasScope('write')")
.antMatchers(HttpMethod.GET,"/rx/**").access("#oauth2.hasScope('doctor') and #oauth2.hasScope('read')")
.antMatchers(HttpMethod.POST,"/rx/**").access("#oauth2.hasScope('doctor') and #oauth2.hasScope('write')")	
.antMatchers("/account/**").permitAll()
.and()
.exceptionHandling().accessDeniedHandler(new OAuth2AccessDeniedHandler())
.and()
.csrf().disable();

 }
 
Example #4
Source File: DefaultSecurityHandlerConfig.java    From microservices-platform with Apache License 2.0 5 votes vote down vote up
/**
 * 处理spring security oauth 处理失败返回消息格式
 */
@Bean
public OAuth2AccessDeniedHandler oAuth2AccessDeniedHandler() {
    return new OAuth2AccessDeniedHandler() {

        @Override
        public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException authException) throws IOException, ServletException {
            ResponseUtil.responseFailed(objectMapper, response, authException.getMessage());
        }
    };
}
 
Example #5
Source File: CustomResourceServerConfig.java    From spring-microservice-exam with MIT License 5 votes vote down vote up
@Override
public void configure(HttpSecurity http) throws Exception {
    String[] ignores = new String[filterIgnorePropertiesConfig.getUrls().size()];
    http
            .csrf().disable()
            .httpBasic().disable()
            .authorizeRequests()
            .antMatchers(filterIgnorePropertiesConfig.getUrls().toArray(ignores)).permitAll()
            .anyRequest().authenticated()
            .and().exceptionHandling().accessDeniedHandler(new OAuth2AccessDeniedHandler());
    // 手机号登录
    http.apply(mobileSecurityConfigurer);
    // 微信登录
    http.apply(wxSecurityConfigurer);
}
 
Example #6
Source File: ResourceServerConfig.java    From java-starthere with MIT License 5 votes vote down vote up
@Override
public void configure(HttpSecurity http) throws Exception
{
    // http.anonymous().disable(); // since we allow anonymous users to access Swagger
    // and create a user account
    http.authorizeRequests()
        .antMatchers("/",
                     "/h2-console/**",
                     "/swagger-resources/**",
                     "/swagger-resource/**",
                     "/swagger-ui.html",
                     "/v2/api-docs",
                     "/webjars/**",
                     "/createnewuser")
        .permitAll()
        .antMatchers("/users/**",
                     "/useremails/**",
                     "/oauth/revoke-token",
                     "/logout")
        .authenticated()
        .antMatchers("/roles/**",
                     "/actuator/**")
        .hasAnyRole("ADMIN")
        .and()
        .exceptionHandling()
        .accessDeniedHandler(new OAuth2AccessDeniedHandler());

    // http.requiresChannel().anyRequest().requiresSecure(); // required for https
    http.csrf()
        .disable();
    http.headers()
        .frameOptions()
        .disable();
    http.logout()
        .disable();
}
 
Example #7
Source File: ResourceServerConfig.java    From Mastering-Spring-5.1 with MIT License 5 votes vote down vote up
@Override
public void configure(HttpSecurity http) throws Exception {
       http.
               anonymous().disable()
               .authorizeRequests()
               .antMatchers("/users/**").access("hasRole('USER')")
               .and().exceptionHandling().accessDeniedHandler(new OAuth2AccessDeniedHandler());
}
 
Example #8
Source File: ResourceServerConfiguration.java    From cola-cloud with MIT License 5 votes vote down vote up
@Override
public void configure(HttpSecurity http) throws Exception {
    http.csrf().disable()
        .authorizeRequests().antMatchers("/v2/api-docs","/sms/token").permitAll()
            .anyRequest().authenticated()
        .and().logout().permitAll()
        .and().formLogin().permitAll()
        .and().exceptionHandling().accessDeniedHandler(new OAuth2AccessDeniedHandler());
}
 
Example #9
Source File: ResourceServerConfig.java    From Spring-5.0-Projects with MIT License 5 votes vote down vote up
@Override
public void configure(HttpSecurity http) throws Exception {
       http
           .authorizeRequests()
           .antMatchers("/api/**").authenticated()
           .and().exceptionHandling().accessDeniedHandler(new OAuth2AccessDeniedHandler());
}
 
Example #10
Source File: ResourceServerConfig.java    From oauth2-blog with MIT License 5 votes vote down vote up
@Override
public void configure(HttpSecurity http) throws Exception {
    http.
            anonymous().disable()
            .authorizeRequests()
            .antMatchers("/api/**").authenticated()
            .and().exceptionHandling().accessDeniedHandler(new OAuth2AccessDeniedHandler());
}
 
Example #11
Source File: ResourceServerConfig.java    From springboot-vue.js-bbs with Apache License 2.0 5 votes vote down vote up
@Override
public void configure(HttpSecurity http) throws Exception {
    http
        .cors()
            .and()
        .requestMatchers()
            .antMatchers("/api/**")
            .and()
        .authorizeRequests()
            .antMatchers("/api/**/board/**").permitAll()
            .antMatchers("/api/**/user/signup").permitAll()
            .antMatchers("/api/**").hasAuthority(Authority.USER.getAuthority())
            .and()
        .exceptionHandling().accessDeniedHandler(new OAuth2AccessDeniedHandler());
}
 
Example #12
Source File: SecurityConfiguration.java    From nakadi with MIT License 5 votes vote down vote up
@Override
public void configure(final ResourceServerSecurityConfigurer resources) throws Exception {
    final OAuth2AuthenticationEntryPoint oAuth2AuthenticationEntryPoint = new OAuth2AuthenticationEntryPoint();
    oAuth2AuthenticationEntryPoint.setExceptionRenderer(new ProblemOauthExceptionRenderer());
    resources.authenticationEntryPoint(oAuth2AuthenticationEntryPoint);
    resources.tokenServices(tokenServices);
    resources.expressionHandler(new ExtendedOAuth2WebSecurityExpressionHandler());
    final OAuth2AccessDeniedHandler oAuth2AccessDeniedHandler = new OAuth2AccessDeniedHandler();
    oAuth2AccessDeniedHandler.setExceptionRenderer(new ProblemOauthExceptionRenderer());
    resources.accessDeniedHandler(oAuth2AccessDeniedHandler);
}
 
Example #13
Source File: OAuth2CustomResultConfiguration.java    From onetwo with Apache License 2.0 4 votes vote down vote up
@Bean
public OAuth2AccessDeniedHandler oauth2AccessDeniedHandler(ObjectMapperProvider objectMapperProvider){
	OAuth2AccessDeniedHandler dh = new OAuth2AccessDeniedHandler();
	dh.setExceptionRenderer(oauth2ExceptionRenderer(objectMapperProvider));
	return dh;
}
 
Example #14
Source File: ResourceServerConfig.java    From pacbot with Apache License 2.0 3 votes vote down vote up
/**
 * Classic Spring Security stuff, defining how to handle {@link AccessDeniedException}s.
 * Inject your custom exception translator into the OAuth2AccessDeniedHandler.
 * (if you don't add this access denied exceptions may use a different format)
 * 
 * @return AccessDeniedHandler
 */
@Bean
public AccessDeniedHandler accessDeniedHandler() {
    final OAuth2AccessDeniedHandler handler = new OAuth2AccessDeniedHandler();
    handler.setExceptionTranslator(exceptionTranslator());
    return handler;
}
 
Example #15
Source File: ResourceServerConfiguration.java    From spring-cloud-contract-samples with Apache License 2.0 3 votes vote down vote up
/**
 * <p>
 * Configures security.
 * </p>
 * @param http security to configure
 * @throws Exception if something unexpected happened
 */
@Override
public void configure(HttpSecurity http) throws Exception {
	notNull(http, "http");
	http.csrf().disable().authorizeRequests().antMatchers("/**").authenticated().and()
			.exceptionHandling().accessDeniedHandler(new OAuth2AccessDeniedHandler());
}