org.springframework.security.access.AccessDeniedException

/**
 * AccessDeniedException异常处理返回json
 * 返回状态码:403
 */
@ResponseStatus(HttpStatus.FORBIDDEN)
@ExceptionHandler({ AccessDeniedException.clreplaced })
public Result badMethodExpressException(AccessDeniedException e) {
    return defHandler("没有权限请求当前方法", e);
}

/**
 * Close the call with {@link Status#PERMISSION_DENIED}.
 *
 * @param call The call to close.
 * @param aex The exception that was the cause.
 */
protected void closeCallAccessDenied(final ServerCall<?, ?> call, final AccessDeniedException aex) {
    log.debug(ACCESS_DENIED_DESCRIPTION, aex);
    call.close(Status.PERMISSION_DENIED.withCause(aex).withDescription(ACCESS_DENIED_DESCRIPTION), new Metadata());
}

@ExceptionHandler(AccessDeniedException.clreplaced)
@ResponseStatus(HttpStatus.FORBIDDEN)
@ResponseBody
public ErrorVM processAccessDeniedException(AccessDeniedException e) {
    return new ErrorVM(ErrorConstants.ERR_ACCESS_DENIED, e.getMessage());
}

/**
 * validation Exception
 *
 * @param exception
 * @return R
 */
@ExceptionHandler({ AccessDeniedException.clreplaced })
@ResponseStatus(HttpStatus.FORBIDDEN)
public Result bodyValidExceptionHandler(AccessDeniedException exception) {
    log.warn("AccessDeniedException:{}", exception);
    return Result.buildFail("权限不足");
}

/**
 * 登陆状态下，权限不足执行该方法
 *
 * @param httpServletRequest
 * @param response
 * @param e
 * @exception IOException
 * @exception ServletException
 */
@Override
public void handle(HttpServletRequest httpServletRequest, HttpServletResponse response, AccessDeniedException e) throws IOException {
    log.error("权限不足：" + e.getMessage());
    // 浏览器方式
    webBrowser(response);
// API接口方式
// api(response, e);
}

/**
 * Manage the AccessDeniedException exception.
 * Throw when a user try access a resource that he can't.
 *
 * @param exception the exception
 * @return The related response enreplacedy
 */
@ExceptionHandler(AccessDeniedException.clreplaced)
public ResponseEnreplacedy<ApiErrorDto> handleAccessDeniedException(AccessDeniedException exception) {
    GlobalDefaultExceptionHandler.LOGGER.debug("An exception has occurred in the API controllers part", exception);
    return ResponseEnreplacedy.status(ApiErrorEnum.FORBIDDEN.getStatus()).body(new ApiErrorDto(ApiErrorEnum.FORBIDDEN));
}

@Override
public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessDeniedException e) throws IOException, ServletException {
    resolveException(httpServletRequest, httpServletResponse, e);
}

private void dump(AccessDeniedException e) {
    if (e instanceof AuthorizationServiceException) {
        log.debug("AuthorizationServiceException : {}", e.getMessage());
    } else if (e instanceof CsrfException) {
        log.debug("org.springframework.security.web.csrf.CsrfException : {}", e.getMessage());
    } else if (e instanceof org.springframework.security.web.server.csrf.CsrfException) {
        log.debug("org.springframework.security.web.server.csrf.CsrfException : {}", e.getMessage());
    } else {
        log.debug("AccessDeniedException : {}", e.getMessage());
    }
}

@Override
public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException {
    delegateAccessDeniedHandler.handle(request, response, accessDeniedException);
    postHandle(request, response, accessDeniedException);
}

/**
 * 权 限 异 常 处 理
 */
@ExceptionHandler({ AccessDeniedException.clreplaced })
public Object access(HttpServletRequest request, AccessDeniedException e) {
    e.printStackTrace();
    if (ServletUtil.isAjax(request)) {
        return Result.failure("暂无权限");
    } else {
        ModelAndView modelAndView = new ModelAndView();
        modelAndView.addObject("errorMessage", e.getMessage());
        modelAndView.setViewName("error/403");
        return modelAndView;
    }
}

private void replacedertDeniedException(AccessDeniedException e, String principal) {
    replacedertEquals("Wrong exception meessage (key)", "web.security.provider.access.denied", e.getMessage());
}

@Override
public Mono<Void> handle(ServerWebExchange exchange, AccessDeniedException denied) {
    return sendJsonStr(exchange.getResponse(), JSON.toJSONString(JsonResult.sendFailedResult(CommonResultCodeEnum.NO_PRIVILEGES)));
}

@Override
public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException {
    if (accessDeniedException instanceof OAuth2AccessDeniedException) {
        OAuth2Error error = ((OAuth2AccessDeniedException) accessDeniedException).getError();
        if (error instanceof BearerTokenError) {
            this.handle(request, response, (BearerTokenError) error);
        } else if (error instanceof InsufficientScopeError) {
            this.handle(request, response, (InsufficientScopeError) error);
        } else {
            this.handle(request, response, error);
        }
    } else {
        this.handler.handle(request, response, HttpStatus.FORBIDDEN);
    }
}

private Mono<Void> accessDeniedHandler(ServerWebExchange serverWebExchange, AccessDeniedException e) {
    return Mono.fromRunnable(() -> {
        serverWebExchange.getResponse().setStatusCode(HttpStatus.FORBIDDEN);
    });
}

@ExceptionHandler(AccessDeniedException.clreplaced)
public GraphQLError wrapSecurityExceptions(AccessDeniedException e) {
    // Add This to `application-local.yaml` to debug what's gone wrong.
    // logging:
    // level:
    // org.springframework.security: TRACE
    return new ThrowableGraphQLError(e, "Current user does not have permission for this action");
}

@Override
public Mono<Void> handle(ServerWebExchange exchange, AccessDeniedException e) {
    return WebfluxResponseUtil.responseFailed(exchange, HttpStatus.FORBIDDEN.value(), e.getMessage());
}

/**
 * catch：AccessDeniedException.
 */
@ResponseBody
@ExceptionHandler(value = AccessDeniedException.clreplaced)
@ResponseStatus(value = HttpStatus.UNAUTHORIZED)
public BaseResponse accessDeniedExceptionHandler(AccessDeniedException exception) throws Exception {
    log.warn("catch accessDenied exception", exception);
    BaseResponse bre = new BaseResponse(ConstantCode.ACCESS_DENIED);
    log.warn("accessDenied exception return:{}", JsonTools.toJSONString(bre));
    return bre;
}

/**
 * AccessDeniedException
 *
 * @param e the e
 * @return R
 */
@ExceptionHandler(AccessDeniedException.clreplaced)
@ResponseStatus(HttpStatus.FORBIDDEN)
public Result handleAccessDeniedException(AccessDeniedException e) {
    String msg = SpringSecurityMessageSource.getAccessor().getMessage("AbstractAccessDecisionManager.accessDenied", e.getMessage());
    log.error("拒绝授权异常信息 ex={}", msg, e);
    return Result.buildFail(e.getLocalizedMessage());
}

@ExceptionHandler(AccessDeniedException.clreplaced)
@ResponseStatus(HttpStatus.FORBIDDEN)
public TutorExceptionDto accessDeniedException(AccessDeniedException e) {
    myLogger.error(e.getMessage());
    return new TutorExceptionDto(ACCESS_DENIED);
}

@Override
protected Mono<HttpStatus> resolveOAuth2ErrorHttpStatus(ServerWebExchange exchange, AccessDeniedException exception) {
    return Mono.just(HttpStatus.FORBIDDEN);
}

/**
 * 无权限访问.
 *
 * @param e the e
 *
 * @return the wrapper
 */
@ExceptionHandler(AccessDeniedException.clreplaced)
@ResponseStatus(HttpStatus.UNAUTHORIZED)
@ResponseBody
public Wrapper unAuthorizedException(AccessDeniedException e) {
    log.error("业务异常={}", e.getMessage(), e);
    return WrapMapper.wrap(ErrorCodeEnum.GL99990401.code(), ErrorCodeEnum.GL99990401.msg());
}

/**
 * 权限不足
 *
 * @return
 */
@ResponseBody
@ExceptionHandler(AccessDeniedException.clreplaced)
public void handleAccessDeniedException(AccessDeniedException e) {
    // handleException会优先拦截到AccessDeniedException，导致WebSecurityConfig accessDeniedHandler无法执行
    // 在这里拦截AccessDeniedException再抛出
    throw e;
}

/**
 * AccessDeniedException异常处理返回json
 * 状态码:403
 * @param exception
 * @return
 */
@ExceptionHandler({ AccessDeniedException.clreplaced })
@ResponseStatus(HttpStatus.FORBIDDEN)
public Map<String, Object> badMethodExpressException(AccessDeniedException exception) {
    Map<String, Object> data = new HashMap<>();
    data.put("resp_code", HttpStatus.FORBIDDEN.value());
    data.put("resp_msg", exception.getMessage());
    return data;
}

@ExceptionHandler(AccessDeniedException.clreplaced)
@ResponseStatus(HttpStatus.UNAUTHORIZED)
@ResponseBody
public String exception(AccessDeniedException e) {
    return "{\"status\":\"access denied\"}";
}

/**
 * NullPointerException 空指针异常捕获处理
 * @param ex 自定义NullPointerException异常类型
 * @return Result
 */
@ExceptionHandler
@ResponseStatus(HttpStatus.FORBIDDEN)
public Result<?> handleException(AccessDeniedException ex) {
    log.error("程序异常：{}" + ex.toString());
    return Result.fail(HttpStatus.FORBIDDEN.value(), ex.getMessage());
}

@ExceptionHandler(AccessDeniedException.clreplaced)
public R handleAuthorizationException(AccessDeniedException e) {
    log.error(e.getMessage());
    return R.error(403, "没有权限，请联系管理员授权");
}

@Override
public ErrorResponse toErrorResponse(AccessDeniedException exception) {
    return ExceptionMapperHelper.toErrorResponse(exception, ACCESS_DENIED, META_TYPE_VALUE);
}

@org.springframework.web.bind.annotation.ExceptionHandler(AccessDeniedException.clreplaced)
public ResponseEnreplacedy<String> handleException(AccessDeniedException e) {
    LOGGER.debug(e.getMessage(), e);
    return ResponseEnreplacedy.status(UNAUTHORIZED).body("不允许访问");
}

// 403
@ResponseStatus(value = HttpStatus.FORBIDDEN)
@ExceptionHandler(value = AccessDeniedException.clreplaced)
public ModelAndView accessDeniedException(HttpServletRequest req, AccessDeniedException e) {
    LOG.debug("ErrorController  actionNotAllowed", e);
    return createErrorModelAndViewWithStatusAndView(e, req, emptyList(), HttpStatus.FORBIDDEN, "forbidden");
}

@Override
public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException {
    JSONObject result = new JSONObject();
    result.put("error", accessDeniedException.getClreplaced().getSimpleName());
    result.put("error_description", accessDeniedException.getLocalizedMessage());
    log.debug("Access Denied Failed!");
    response.setContentType("application/json;charset=utf-8");
    response.setStatus(HttpStatus.UNAUTHORIZED.value());
    response.getWriter().write(result.toJSONString());
}

@ExceptionHandler(AccessDeniedException.clreplaced)
public ResponseEnreplacedy<Map<String, Object>> accessDeny(HttpServletRequest request, AccessDeniedException ex) {
    return handleError(request, FORBIDDEN, ex);
}

@ExceptionHandler(AccessDeniedException.clreplaced)
@ResponseStatus(value = HttpStatus.OK)
public Result<Object> handleAccessDeniedException(AccessDeniedException e) {
    String errorMsg = "AccessDeniedException exception";
    if (e != null) {
        errorMsg = e.getMessage();
        log.warn(e.getMessage(), e);
    }
    return new ResultUtil<>().setErrorMsg(500, errorMsg);
}

/**
 * Returns error when access is denied.
 *
 * @param ex exception while processing request
 * @return response enreplacedy with error code and message
 */
@ExceptionHandler(AccessDeniedException.clreplaced)
public ResponseEnreplacedy<InventoryExceptionResponse> handleAccessDeniedException(AccessDeniedException ex) {
    InventoryExceptionResponse response = new InventoryExceptionResponse(LocalDateTime.now(), "Forbidden", Collections.singletonList("User is not authorized to perform this operation"));
    LOGGER.info("User is not authorized to perform this operation", response);
    return new ResponseEnreplacedy<>(response, HttpStatus.FORBIDDEN);
}

/**
 * Returns error when access is denied.
 *
 * @param ex exception while processing request
 * @return response enreplacedy with error code and message
 */
@ExceptionHandler(AccessDeniedException.clreplaced)
public ResponseEnreplacedy<AppoExceptionResponse> handleAccessDeniedException(AccessDeniedException ex) {
    AppoExceptionResponse response = new AppoExceptionResponse(LocalDateTime.now(), "Forbidden", Collections.singletonList("User is not authorized to perform this operation"));
    LOGGER.info("User is not authorized to perform this operation {}", response.getMessage());
    return new ResponseEnreplacedy<>(response, HttpStatus.FORBIDDEN);
}

/**
 * Returns error when access is denied.
 *
 * @param ex exception while processing request
 * @return response enreplacedy with error code and message
 */
@ExceptionHandler(AccessDeniedException.clreplaced)
public ResponseEnreplacedy<ApmExceptionResponse> handleAccessDeniedException(AccessDeniedException ex) {
    ApmExceptionResponse response = new ApmExceptionResponse(LocalDateTime.now(), "Forbidden", Collections.singletonList("User is not authorized to perform this operation"));
    LOGGER.info("User is not authorized to perform this operation", response);
    return new ResponseEnreplacedy<>(response, HttpStatus.FORBIDDEN);
}

@ExceptionHandler(AccessDeniedException.clreplaced)
@ResponseStatus(code = HttpStatus.FORBIDDEN)
public void AccessDeniedExceptionHandler(final AccessDeniedException e) {
}

protected static void replacedertSecurityError(Executable e) {
    AccessDeniedException exception = replacedertThrows(AccessDeniedException.clreplaced, e);
    replacedertEquals(SPRING_SECURITY_DENIED, exception.getMessage());
}

private void denyAccess(AccessDecision accessDecision) {
    String rejectionMessage = String.format("Access request rejected by OPA because: %s", accessDecision.getReason());
    log.debug(rejectionMessage);
    AccessDeniedException accessDeniedException = new AccessDeniedException(rejectionMessage);
    AuthorizationFailureEvent event = new AuthorizationFailureEvent(this, List.of(), SecurityContextHolder.getContext().getAuthentication(), accessDeniedException);
    eventPublisher.publishEvent(event);
    throw accessDeniedException;
}

@ExceptionHandler(AccessDeniedException.clreplaced)
public Result handleAccessDeniedException(AccessDeniedException e) {
    log.error(e.getMessage(), e);
    return Result.error("没有权限，请联系管理员授权");
}

private void responseWithJson(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException {
    if (accessDeniedException instanceof CsrfException) {
        CsrfException deniedException = ((CsrfException) accessDeniedException);
        JsonUtil.responseWithJson(response, HttpStatus.FORBIDDEN.value(), toJsonString(ResponseResult.fail(deniedException.getMessage(), ErrorCodeEnum.CSRF_ERROR, request.getRequestURI())));
        return;
    }
    JsonUtil.responseWithJson(response, HttpStatus.FORBIDDEN.value(), toJsonString(ResponseResult.fail(ErrorCodeEnum.PERMISSION_DENY, request.getRequestURI())));
}

@ExceptionHandler(AccessDeniedException.clreplaced)
public AjaxResult handleAuthorizationException(AccessDeniedException e) {
    log.error(e.getMessage());
    return AjaxResult.error(HttpStatus.FORBIDDEN, "没有权限，请联系管理员授权");
}

@ExceptionHandler(AccessDeniedException.clreplaced)
@ResponseStatus(HttpStatus.FORBIDDEN)
@ResponseBody
public ErrorVM processAccessDeniedException(AccessDeniedException e) {
    log.debug("Access denied", e);
    return new ErrorVM(ErrorConstants.ERR_ACCESS_DENIED, localizationErrorMessageService.getMessage(ErrorConstants.ERR_ACCESS_DENIED));
}

@ExceptionHandler(AccessDeniedException.clreplaced)
public Result handleAuthorizationException(AccessDeniedException e) {
    log.error(e.getMessage());
    return Result.error().code(ResultCode.FORBIDDEN).message("没有权限，请联系管理员授权");
}

/**
 * {@inheritDoc} Called when access to resource is denied.
 */
@Override
public void handle(final HttpServletRequest request, final HttpServletResponse response, final AccessDeniedException exception) throws IOException, ServletException {
    onAuthenticationFailure(request, response, new InsufficientAuthenticationException(StringUtils.isNotBlank(exception.getMessage()) ? exception.getMessage() : "Not authenticated", exception));
}

@ExceptionHandler(AccessDeniedException.clreplaced)
protected ResponseEnreplacedy<Object> handleMethodArgumentTypeMismatch(AccessDeniedException ex, WebRequest request) {
    ApiError apiError = new ApiError(UNAUTHORIZED);
    apiError.setMessage(ex.getMessage());
    apiError.setDebugMessage(ex.getMessage());
    return buildResponseEnreplacedy(apiError);
}

@Override
public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessDeniedException e) {
    throw e;
}

/**
 * description: security的角色权限不足异常
 *
 * @param e 权限不足异常
 * @return 200状态码 403自定义code
 * @author RenShiWei
 * Date: 2020/8/7 19:52
 */
@ExceptionHandler(AccessDeniedException.clreplaced)
public ResponseEnreplacedy<Result<String>> handleAccessDeniedException(AccessDeniedException e) {
    log.error(e.getMessage(), e);
    return ResponseEnreplacedy.status(HttpStatus.FORBIDDEN).body(Result.error(ResultEnum.IDENreplacedY_NOT_POW.getCode(), ResultEnum.IDENreplacedY_NOT_POW.getMsg()));
}

@ExceptionHandler(AccessDeniedException.clreplaced)
public ResponseEnreplacedy<Object> handleUnexpected(final AccessDeniedException ex, final WebRequest request) {
    log.warn("Access denied: ", ex);
    return APIMessage.ErrorMessage.FORBIDDEN.createErrorResponse(ex.getMessage());
}

/**
 * 处理accessDeniedException异常
 * @param accessDeniedException
 * @return
 */
@ExceptionHandler(AccessDeniedException.clreplaced)
public ResponseEnreplacedy handleAccessDeniedException(AccessDeniedException accessDeniedException) {
    log.error("没有权限异常-------->：{}", accessDeniedException.getMessage());
    return ResponseEnreplacedy.status(HttpStatus.FORBIDDEN).body(CommonResult.forbidden());
}

@ExceptionHandler({ AccessDeniedException.clreplaced, AuthenticationException.clreplaced, InsufficientAuthenticationException.clreplaced })
public ResponseEnreplacedy<MessageResponseDto> handleAccessDeniedException(AccessDeniedException ex, WebRequest wr) {
    log.error("Access denied: {}", wr.getDescription(false));
    return buildResponseMessage(HttpStatus.FORBIDDEN, "Access denied to " + wr.getContextPath());
}

See More Examples