
新增拒绝访问异常

周浩 9 years ago
parent
commit
5aee3354a0

+ 2 - 1
hsweb-web-controller/src/main/java/org/hsweb/web/controller/AopAuthorizeValidatorAutoConfiguration.java

@@ -5,6 +5,7 @@ import org.aspectj.lang.annotation.Around;
 import org.aspectj.lang.annotation.Aspect;
 import org.hsweb.web.core.authorize.AopAuthorizeValidator;
 import org.hsweb.web.core.exception.AuthorizeException;
+import org.hsweb.web.core.exception.AuthorizeForbiddenException;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -28,7 +29,7 @@ public class AopAuthorizeValidatorAutoConfiguration {
         @Around(value = "execution(* org.hsweb.web..controller..*Controller..*(..))||@annotation(org.hsweb.web.core.authorize.annotation.Authorize)")
         public Object around(ProceedingJoinPoint pjp) throws Throwable {
             boolean access = super.validate(pjp);
-            if (!access) throw new AuthorizeException("无权限", 403);
+            if (!access) throw new AuthorizeForbiddenException("无权限", 403);
             return pjp.proceed();
         }
     }

+ 36 - 3
hsweb-web-controller/src/main/java/org/hsweb/web/controller/ControllerExceptionTranslator.java

@@ -1,15 +1,16 @@
 package org.hsweb.web.controller;
 
 import com.alibaba.fastjson.JSON;
-import org.hsweb.web.core.exception.BusinessException;
-import org.hsweb.web.core.exception.NotFoundException;
-import org.hsweb.web.core.exception.ValidationException;
+import org.hsweb.web.core.exception.*;
 import org.hsweb.web.core.message.ResponseMessage;
 import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.annotation.ControllerAdvice;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.ResponseStatus;
+import org.springframework.web.servlet.ModelAndView;
+
+import javax.servlet.http.HttpServletResponse;
 
 @ControllerAdvice
 public class ControllerExceptionTranslator {
@@ -37,6 +38,21 @@ public class ControllerExceptionTranslator {
     }
 
 
+    @ExceptionHandler(AuthorizeException.class)
+    @ResponseStatus(HttpStatus.UNAUTHORIZED)
+    @ResponseBody
+    ResponseMessage handleException(AuthorizeException exception) {
+        return ResponseMessage.error(exception.getMessage(), exception.getStatus());
+    }
+
+    @ExceptionHandler(AuthorizeForbiddenException.class)
+    @ResponseStatus(HttpStatus.FORBIDDEN)
+    @ResponseBody
+    ResponseMessage handleException(AuthorizeForbiddenException exception) {
+        return ResponseMessage.error(exception.getMessage(), exception.getStatus());
+    }
+
+
     @ExceptionHandler(NotFoundException.class)
     @ResponseStatus(HttpStatus.NOT_FOUND)
     @ResponseBody
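Review bot: Both new handlers pin the HTTP status with `@ResponseStatus` but fill the body from `exception.getStatus()`, so the two can disagree: an `AuthorizeException` constructed with 400 or 403 elsewhere would leave as HTTP 401 with a different code in the JSON. Consider writing the body from the same constant, e.g. `return ResponseMessage.error(exception.getMessage(), HttpStatus.FORBIDDEN.value());` in the forbidden handler and `HttpStatus.UNAUTHORIZED.value()` in the other. The class hierarchy of `AuthorizeForbiddenException` is not shown here, so a one-line Javadoc on each handler stating which failures it covers (not authenticated vs. authenticated but denied) would make the intended split explicit. The NotFoundException handler at the end of the hunk continues outside it.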
@@ -44,4 +60,21 @@ public class ControllerExceptionTranslator {
         return ResponseMessage.error(exception.getMessage(), 404);
     }
 
+//    @ExceptionHandler(BusinessException.class)
+//    ModelAndView handleExceptionView(BusinessException exception, HttpServletResponse response) {
+//        response.setStatus(exception.getStatus());
+//        ModelAndView modelAndView = new ModelAndView("error/" + exception.getStatus());
+//        modelAndView.addAllObjects(ResponseMessage.error(exception.getMessage(), exception.getStatus()).toMap());
+//        modelAndView.addObject("exception", exception);
+//        return modelAndView;
+//    }
+//
+//    @ExceptionHandler(Throwable.class)
+//    ModelAndView handleExceptionView(Throwable exception, HttpServletResponse response) {
+//        response.setStatus(500);
+//        ModelAndView modelAndView = new ModelAndView("error/" + 500);
+//        modelAndView.addAllObjects(ResponseMessage.error(exception.getMessage(), 500).toMap());
+//        modelAndView.addObject("exception", exception);
+//        return modelAndView;
+//    }
 }
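Review bot: The two `handleExceptionView` methods are added already commented out, and the `ModelAndView` and `HttpServletResponse` imports added in this file's first hunk exist only for them; dead code like this is better left out of the commit and recovered from history if needed. If the catch-all is ever enabled, note that it places the raw exception object and `exception.getMessage()` of any `Throwable` into the view model, which would expose internal error details to the client; a generic message plus server-side logging is the safer shape. The same first hunk also replaces three explicit imports with `org.hsweb.web.core.exception.*`; explicit imports keep it clear which exception types this advice handles.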

+ 3 - 2
hsweb-web-controller/src/main/java/org/hsweb/web/controller/login/AuthorizeController.java

@@ -5,6 +5,7 @@ import org.hsweb.web.bean.common.QueryParam;
 import org.hsweb.web.bean.po.user.User;
 import org.hsweb.web.core.authorize.annotation.Authorize;
 import org.hsweb.web.core.exception.AuthorizeException;
+import org.hsweb.web.core.exception.AuthorizeForbiddenException;
 import org.hsweb.web.core.exception.NotFoundException;
 import org.hsweb.web.core.logger.annotation.AccessLogger;
 import org.hsweb.web.core.message.ResponseMessage;
@@ -100,7 +101,7 @@ public class AuthorizeController {
                 error_time = 0l;
             }
             if (error_number >= maxErrorNumber)
-                throw new AuthorizeException("您的账户已被锁定登录,请" + (waitMinutes - ((now_time - error_time) / 1000 / 60)) + "分钟后再试!", 400);
+                throw new AuthorizeForbiddenException("您的账户已被锁定登录,请" + (waitMinutes - ((now_time - error_time) / 1000 / 60)) + "分钟后再试!");
         }
         User user = userService.selectByUserName(username);
         if (user == null || user.getStatus() != 1) throw new NotFoundException("用户不存在或已注销");
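Review bot: The lockout throw now uses the one-argument constructor, so the code that reaches the response body (through `exception.getStatus()` in ControllerExceptionTranslator) depends on a default this commit does not show, while the other call sites pass 403 explicitly. The wrong-password throw in the next hunk has the same shape. Use one form everywhere, for example by passing `403` as the second argument here as the aspect does, or document the default on the constructor. The enclosing method starts and ends outside the hunk.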
@@ -109,7 +110,7 @@ public class AuthorizeController {
             if (error_number == null) error_number = 0;
             cache.put(timeCacheKey, System.currentTimeMillis());
             cache.put(numberCacheKey, ++error_number);
-            throw new AuthorizeException("密码错误,你还可以重试" + (maxErrorNumber - error_number) + "次", 400);
+            throw new AuthorizeForbiddenException("密码错误,你还可以重试" + (maxErrorNumber - error_number) + "次");
         }
         cache.evict(timeCacheKey);
         cache.evict(numberCacheKey);
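Review bot: A wrong password now raises `AuthorizeForbiddenException` (HTTP 403 through the new handler) while an unknown or disabled user raises `NotFoundException` (404) in the preceding hunk, and the two messages differ, so the login response reveals whether a username exists. Raising the same exception type with one generic message for both cases removes that signal; the specific reason can go to the server log. Separately, the read, increment and `cache.put` of `error_number` on the lines above are not atomic, so concurrent failed attempts may be under-counted against `maxErrorNumber`; whether the cache offers an atomic increment is not visible here and is worth confirming. The enclosing method starts and ends outside the hunk.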

+ 2 - 1
hsweb-web-core/src/main/java/org/hsweb/web/core/authorize/validator/SimpleAuthorizeValidatorConfig.java

@@ -3,6 +3,7 @@ package org.hsweb.web.core.authorize.validator;
 import org.hsweb.web.core.authorize.AuthorizeValidatorConfig;
 import org.hsweb.web.core.authorize.annotation.Authorize;
 import org.hsweb.web.core.exception.AuthorizeException;
+import org.hsweb.web.core.exception.AuthorizeForbiddenException;
 import org.webbuilder.utils.common.StringUtils;
 import org.webbuilder.utils.script.engine.DynamicScriptEngine;
 import org.webbuilder.utils.script.engine.DynamicScriptEngineFactory;
@@ -53,7 +54,7 @@ public class SimpleAuthorizeValidatorConfig implements AuthorizeValidatorConfig
             engine.compile(id, expression);
             expressions.add(new Expression(id, language));
         } catch (Exception e) {
-            throw new AuthorizeException("compile expression error", e, 403);
+            throw new AuthorizeForbiddenException("compile expression error", e, 403);
         }
         return this;
     }
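Review bot: A failed `engine.compile(id, expression)` is a configuration or server-side fault rather than a denied caller, yet it is now raised as `AuthorizeForbiddenException` with 403, which the new handler would report like any ordinary access denial. Failing closed is the right outcome, so say so at the throw with a comment such as `// fail closed: an expression that does not compile must never grant access`. Since only the message reaches the response, the expression `id` and the cause `e` should also be logged server-side so an operator can find the broken rule. The enclosing method starts outside the hunk.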