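// @beny2mor
/**
 * Access decision manager that grants access when the caller holds at least one
 * of the authorities named by the secured object's configuration attributes.
 *
 * <p>Security note: {@link #decide} returns without any authority check when
 * {@code configAttributes} is {@code null} or empty, so a resource that has no
 * attributes configured is reachable by every caller (fail-open).
 * NOTE(review): confirm that the metadata source supplies attributes for every
 * resource that is meant to be protected.
 */
@Service
public class MyAccessDecisionManager implements AccessDecisionManager {

    /**
     * Grants access if any required attribute, trimmed, equals one of the caller's
     * granted authorities; otherwise denies.
     *
     * @param authentication the caller whose granted authorities are inspected
     * @param object the secured object (not inspected here)
     * @param configAttributes the attributes required for the secured object
     * @throws AccessDeniedException if no required attribute matches a granted authority
     * @throws InsufficientAuthenticationException declared by the interface; never thrown here
     */
    @Override
    public void decide(Authentication authentication, Object object,
            Collection<ConfigAttribute> configAttributes)
            throws AccessDeniedException, InsufficientAuthenticationException {
        // Nothing configured for this resource: allow (fail-open, see class note).
        if (configAttributes == null || configAttributes.isEmpty()) {
            return;
        }
        for (ConfigAttribute attribute : configAttributes) {
            String needRole = attribute.getAttribute();
            if (needRole == null) {
                // getAttribute() returns null for attributes that have no String form;
                // such an attribute cannot match an authority name, so skip it instead
                // of failing with a NullPointerException on trim().
                continue;
            }
            // Trim once per attribute rather than once per authority comparison.
            String required = needRole.trim();
            for (GrantedAuthority ga : authentication.getAuthorities()) {
                if (required.equals(ga.getAuthority())) {
                    return;
                }
            }
        }
        // Message text means "no permission for this operation".
        throw new AccessDeniedException("没有操作权限");
    }

    /**
     * Accepts every configuration attribute, so no attribute is rejected when the
     * security configuration is validated.
     */
    @Override
    public boolean supports(ConfigAttribute attribute) {
        return true;
    }

    /**
     * Accepts every secured object type.
     */
    @Override
    public boolean supports(Class<?> clazz) {
        return true;
    }
}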
----------------------------------------------------------------
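/**
 * Writes a JSON error body for a request that was denied access.
 *
 * <p>NOTE(review): in Spring Security's ExceptionTranslationFilter an
 * AccessDeniedException raised for an anonymous (or remember-me) caller is routed to
 * the AuthenticationEntryPoint, not to this handler, which typically results in a
 * redirect to the login page. To return JSON for unauthenticated callers as well, a
 * custom AuthenticationEntryPoint is needed too. Confirm against the configured
 * filter chain.
 */
@Component
public class MyAccessDeniedHandler implements AccessDeniedHandler {

    /**
     * Sends {@code {"code":1001, "msg":"..."}} with the exception message as {@code msg}.
     *
     * @param request the denied request (not inspected here)
     * @param response the response the JSON body is written to
     * @param e the exception whose message is reported to the client
     * @throws IOException if writing to the response fails
     * @throws ServletException declared by the interface; never thrown here
     */
    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response,
            AccessDeniedException e) throws IOException, ServletException {
        // Return the error information as JSON.
        // NOTE(review): no HTTP status is set here, so the denial is sent with whatever
        // status the response already carries. Consider
        // response.setStatus(HttpServletResponse.SC_FORBIDDEN) if clients do not depend
        // on the current status.
        response.setCharacterEncoding("UTF-8");
        response.setContentType("application/json");
        // The message is escaped so that quotes, backslashes or control characters in it
        // cannot break out of the JSON string and alter the structure of the response.
        String message = escapeJson(String.valueOf(e.getMessage()));
        response.getWriter().println("{\"code\":1001, \"msg\":\"" + message + "\"}");
        response.getWriter().flush();
    }

    /** Escapes {@code text} for use inside a double-quoted JSON string literal. */
    private static String escapeJson(String text) {
        StringBuilder out = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char ch = text.charAt(i);
            switch (ch) {
                case '"':
                    out.append("\\\"");
                    break;
                case '\\':
                    out.append("\\\\");
                    break;
                case '\n':
                    out.append("\\n");
                    break;
                case '\r':
                    out.append("\\r");
                    break;
                case '\t':
                    out.append("\\t");
                    break;
                default:
                    if (ch < 0x20) {
                        // Remaining control characters must be \\u-escaped in JSON.
                        out.append(String.format("\\u%04x", (int) ch));
                    } else {
                        out.append(ch);
                    }
            }
        }
        return out.toString();
    }
}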
----------------------------------------------------------
是有 AccessDecisionManager 的,无权限的资源也返回了这个 json,现在就是会自己跳转到登录