From d2f32df19416e9b2f1796135a57141c93892d19b Mon Sep 17 00:00:00 2001
From: bs32g1038
Date: Wed, 24 Apr 2024 12:00:17 +0800
Subject: [PATCH] chore: add CustomAccessDeniedHandler
---
 .../com/jixialunbi/config/SecurityConfig.java | 9 +++++++-
 .../security/CustomAccessDeniedHandler.java | 21 +++++++++++++++++++
 2 files changed, 29 insertions(+), 1 deletion(-)
 create mode 100644 server/src/main/java/com/jixialunbi/security/CustomAccessDeniedHandler.java
diff --git a/server/src/main/java/com/jixialunbi/config/SecurityConfig.java b/server/src/main/java/com/jixialunbi/config/SecurityConfig.java
index 5bea4d2..2d578b5 100644
--- a/server/src/main/java/com/jixialunbi/config/SecurityConfig.java
+++ b/server/src/main/java/com/jixialunbi/config/SecurityConfig.java
@@ -2,6 +2,7 @@
 import com.jixialunbi.security.AuthEntryPointJwt;
 import com.jixialunbi.security.AuthTokenFilter;
+import com.jixialunbi.security.CustomAccessDeniedHandler;
 import com.jixialunbi.service.UserDetailsServiceImpl;
 import lombok.RequiredArgsConstructor;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -43,6 +44,9 @@ public class SecurityConfig {
 @Autowired
 private AuthEntryPointJwt unauthorizedHandler;
+ @Autowired
+ private CustomAccessDeniedHandler customAccessDeniedHandler;
+
 @Bean
 public AuthTokenFilter authenticationJwtTokenFilter() {
 return new AuthTokenFilter();
@@ -81,7 +85,10 @@ public SecurityFilterChain filterChain(HttpSecurity httpSecurity, CorsConfigurat
 httpSecurity
 .cors(cors -> cors.configurationSource(request -> corsConfiguration))
 .csrf(e -> e.disable())
- .exceptionHandling(exception -> exception.authenticationEntryPoint(unauthorizedHandler))
+ .exceptionHandling(exception -> {
+ exception.accessDeniedHandler(customAccessDeniedHandler);
+ exception.authenticationEntryPoint(unauthorizedHandler);
+ })
 .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
 .authorizeHttpRequests(auth -> auth.requestMatchers(AUTH_WHITELIST).permitAll().anyRequest().authenticated()
diff --git a/server/src/main/java/com/jixialunbi/security/CustomAccessDeniedHandler.java b/server/src/main/java/com/jixialunbi/security/CustomAccessDeniedHandler.java
new file mode 100644
index 0000000..91f3e29
--- /dev/null
+++ b/server/src/main/java/com/jixialunbi/security/CustomAccessDeniedHandler.java
@@ -0,0 +1,21 @@
+package com.jixialunbi.security;
+
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.web.access.AccessDeniedHandler;
+import org.springframework.stereotype.Component;
+
+import java.io.IOException;
+
+@Component
+public class CustomAccessDeniedHandler implements AccessDeniedHandler {
+
+ @Override
+ public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException {
+ response.setStatus(HttpServletResponse.SC_FORBIDDEN);
+ response.getWriter().write("Forbidden");
+ }
+
+}
\ No newline at end of file
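Review bot: The block lambda passed to `exceptionHandling` in the `filterChain` hunk can stay a single expression, because both configurer methods return the configurer: `.exceptionHandling(ex -> ex.accessDeniedHandler(customAccessDeniedHandler).authenticationEntryPoint(unauthorizedHandler))`. A one-line comment above it would also help the next reader: the access-denied handler runs only for authenticated callers who lack permission, while anonymous requests still go to `unauthorizedHandler`, so these two registrations decide the 401/403 split. `filterChain` starts and ends outside the hunk, so the rest of the chain was not reviewed.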
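Review bot: `handle` in the new CustomAccessDeniedHandler returns the 403 without logging the refusal and never reads `accessDeniedException`, so repeated authorization failures, a useful detection signal, leave no trace on the server. The body is also written with no content type or charset and without checking `response.isCommitted()`. The sketch below logs method, URI and user before answering; `log` is assumed to be an SLF4J logger on the class, for example via Lombok's `@Slf4j`, since Lombok is already imported in SecurityConfig. If `AuthEntryPointJwt` answers in JSON (not visible in this patch), the 403 body should probably use the same shape so clients treat 401 and 403 alike. A class-level Javadoc stating that this handler serves authenticated callers who lack permission would complete it.

```java
    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException {
        // Keep the refusal in the server log; the client only ever sees the fixed body.
        log.warn("Access denied: method={} uri={} user={}",
                request.getMethod(), request.getRequestURI(), request.getRemoteUser());
        if (response.isCommitted()) {
            // Status and body can no longer be changed once the response has been flushed.
            return;
        }
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        response.setContentType("text/plain");
        response.setCharacterEncoding("UTF-8");
        // … unchanged: write("Forbidden") and the end of the method …
```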