1.资源服务器
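package com.ruhuanxingyun.config;

import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler;
import org.springframework.security.web.AuthenticationEntryPoint;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

/**
 * OAuth2 resource-server security configuration.
 *
 * <p>Registers the path-level access rules for the resource server's filter chain
 * (stateless, bearer-token based) and replaces the framework's default 401 response
 * with a JSON body so API clients get a machine-readable error.
 */
@Configuration
public class SecurityResourceConfig extends ResourceServerConfigurerAdapter {

    /**
     * Access rules for the resource server's filter chain.
     *
     * <p>Order matters: Spring evaluates matchers top-down and the first match wins.
     * A catch-all {@code anyRequest().authenticated()} is deliberately last. Without it,
     * a request that matches none of the explicit patterns reaches the security
     * interceptor with no attributes and is let through unauthenticated, i.e. the
     * configuration fails open for every path not listed here.
     *
     * @param http the builder for this filter chain
     * @throws Exception propagated from the Spring Security builder API
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.sessionManagement()
                // Pure bearer-token API: never create or reuse an HTTP session.
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
            .authorizeRequests()
                // Business API: the presented token must carry the "all" scope.
                .antMatchers("/api/1.0/**").access("#oauth2.hasScope('all')")
                // Anonymous paths. NOTE(review): /export/** is reachable without any token;
                // confirm that nothing served under it exposes sensitive data before keeping
                // it open.
                .antMatchers("/public/**", "/export/**").permitAll()
                // Default-deny for everything else (see method Javadoc).
                .anyRequest().authenticated()
                .and()
            .exceptionHandling()
                // 403 (authenticated but insufficient scope) keeps the standard OAuth2 body;
                // 401 is customised via the entry point registered in the other configure().
                .accessDeniedHandler(new OAuth2AccessDeniedHandler());
    }

    /**
     * Installs the JSON-producing entry point used when a request lacks valid
     * authentication (missing, malformed or rejected bearer token).
     *
     * @param resources the resource-server configurer
     * @throws Exception propagated from the Spring Security builder API
     */
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        resources.authenticationEntryPoint(new AuthExceptionEntryPoint());
    }

    /**
     * Entry point that answers unauthenticated requests with HTTP 401 and a JSON body
     * of the shape {@code {code, msg, data, success, path, timestamp}}.
     *
     * <p>Declared {@code static}: it holds no reference to the enclosing configuration.
     */
    static class AuthExceptionEntryPoint implements AuthenticationEntryPoint {

        /** A configured ObjectMapper is thread-safe; share one instead of building one per failure. */
        private static final ObjectMapper MAPPER = new ObjectMapper();

        /**
         * Writes the 401 JSON response.
         *
         * @param request       the rejected request; only its servlet path is echoed back
         * @param response      the response to populate (status, content type, body)
         * @param authException the failure raised by the bearer-token filter; its cause is
         *                      inspected to distinguish an invalid token from a missing one
         * @throws ServletException if the JSON body cannot be written; the underlying
         *                          I/O failure is attached as the cause
         */
        @Override
        public void commence(HttpServletRequest request, HttpServletResponse response,
                             AuthenticationException authException) throws ServletException {
            Map<String, Object> body = new HashMap<>();
            body.put("code", HttpServletResponse.SC_UNAUTHORIZED);
            body.put("msg", describe(authException));
            // NOTE(review): this echoes the framework's exception text to the caller. That text
            // may carry internal detail (for an invalid token, possibly the presented token
            // value itself) — TODO confirm, and drop or sanitise this field if consumers do
            // not need it.
            body.put("data", authException.getMessage());
            body.put("success", false);
            body.put("path", request.getServletPath());
            body.put("timestamp", String.valueOf(System.currentTimeMillis()));

            response.setContentType("application/json");
            // The messages are non-ASCII: declare the charset so clients decode the UTF-8 bytes
            // Jackson writes instead of guessing. Set after the content type so it is kept.
            response.setCharacterEncoding("UTF-8");
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            try {
                MAPPER.writeValue(response.getOutputStream(), body);
            } catch (IOException e) {
                // Preserve the cause; the original threw a bare ServletException and lost it.
                throw new ServletException(e);
            }
        }

        /**
         * Picks the user-facing message. The bearer-token filter wraps the OAuth2 failure, so
         * the concrete reason lives in the cause, not in the exception itself.
         */
        private static String describe(AuthenticationException authException) {
            Throwable cause = authException.getCause();
            return cause instanceof InvalidTokenException
                    ? "无效的token"
                    : "访问此资源需要完全的身份验证";
        }
    }
}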