This is easy with OAuth2; you just need to configure it yourself first:
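
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.web.AuthenticationEntryPoint;
    import org.springframework.security.web.access.AccessDeniedHandler;

    @Autowired
    private AuthenticationEntryPoint authenticationEntryPoint;

    @Autowired
    private AccessDeniedHandler accessDeniedHandler;

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .anyRequest()
                .access("#oauth2.hasScope('read')")
                .and()
            // Route 401 and 403 responses through the custom beans
            .exceptionHandling()
                .authenticationEntryPoint(authenticationEntryPoint)
                .accessDeniedHandler(accessDeniedHandler);
    }
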
Then you will need to create your AuthenticationEntryPoint and accessDeniedHandler @Bean:
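
    import java.io.IOException;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import org.springframework.context.annotation.Bean;
    import org.springframework.http.HttpStatus;
    import org.springframework.security.access.AccessDeniedException;
    import org.springframework.security.core.AuthenticationException;
    import org.springframework.security.web.AuthenticationEntryPoint;
    import org.springframework.security.web.access.AccessDeniedHandler;

    @Bean
    public AccessDeniedHandler accessDeniedHandler() {
        return new AccessDeniedHandler() {
            @Override
            public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException e) throws IOException, ServletException {
                // Set the status before writing: it is ignored once the response is committed
                response.setStatus(HttpStatus.FORBIDDEN.value());
                response.getWriter().append("\"FORBIDDEN\"");
            }
        };
    }

    @Bean
    public AuthenticationEntryPoint authenticationEntryPoint() {
        return new AuthenticationEntryPoint() {
            @Override
            public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
                // Set the status before writing: it is ignored once the response is committed
                response.setStatus(HttpStatus.UNAUTHORIZED.value());
                response.getWriter().append("\"UNAUTHORIZED\"");
            }
        };
    }
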
Feel free to convert to JSON whichever way you like; I recommend Jackson.
Very nice... this works.
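
The Jackson conversion suggested in the answer, as an added example that is not part of the original post: both handlers serialize a fixed JSON body and never echo the exception message to the client. The class name `JsonSecurityErrorConfig`, the helper `writeError`, and the JSON field names are assumptions, as is the `javax.servlet` namespace used by the legacy Spring Security OAuth2 stack.

```java
import java.io.IOException;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.http.HttpServletResponse;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.AccessDeniedHandler;

// Added example: class, helper and field names are hypothetical.
@Configuration
public class JsonSecurityErrorConfig {

    private final ObjectMapper mapper = new ObjectMapper();

    // Status and headers are set before the body is written, because they
    // cannot change once the response is committed. The body is built only
    // from the status, so no exception detail reaches the caller.
    private void writeError(HttpServletResponse response, HttpStatus status) throws IOException {
        response.setStatus(status.value());
        response.setContentType(MediaType.APPLICATION_JSON_VALUE);
        response.setCharacterEncoding("UTF-8");
        Map<String, Object> body = new LinkedHashMap<>();
        body.put("status", status.value());
        body.put("error", status.name());
        mapper.writeValue(response.getWriter(), body);
    }

    @Bean
    public AuthenticationEntryPoint authenticationEntryPoint() {
        return (request, response, authException) -> {
            // RFC 6750: a 401 from a bearer-protected resource carries this challenge
            response.setHeader(HttpHeaders.WWW_AUTHENTICATE, "Bearer");
            writeError(response, HttpStatus.UNAUTHORIZED);
        };
    }

    @Bean
    public AccessDeniedHandler accessDeniedHandler() {
        return (request, response, accessDeniedException) ->
                writeError(response, HttpStatus.FORBIDDEN);
    }
}
```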