初始化

pqs-auth/src/main/java/com/njcn/auth/exception/AuthExceptionHandler.java

@@ -0,0 +1,88 @@
+package com.njcn.auth.exception;
+
+import cn.hutool.json.JSONObject;
+import cn.hutool.json.JSONUtil;
+import com.nimbusds.jose.JWSObject;
+import com.njcn.common.pojo.constant.LogInfo;
+import com.njcn.common.pojo.constant.SecurityConstants;
+import com.njcn.common.pojo.response.HttpResult;
+import com.njcn.common.utils.HttpResultUtil;
+import com.njcn.user.api.UserFeignClient;
+import com.njcn.user.enums.UserResponseEnum;
+import com.njcn.web.service.ILogService;
+import com.njcn.web.utils.RequestUtil;
+import lombok.RequiredArgsConstructor;
+import lombok.SneakyThrows;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
+import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
+import org.springframework.security.oauth2.common.exceptions.UnsupportedGrantTypeException;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.bind.annotation.RestControllerAdvice;
+
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * @author hongawen
+ * @version 1.0.0
+ * @date 2021年05月17日 12:46
+ */
+@Slf4j
+@RestControllerAdvice
+@RequiredArgsConstructor
+public class AuthExceptionHandler {
+
+    private final UserFeignClient userFeignClient;
+
+    private final ILogService logService;
+
+    /**
+     * 用户名和密码非法
+     */
+    @ExceptionHandler(InvalidGrantException.class)
+    public HttpResult<String> handleInvalidGrantException(HttpServletRequest httpServletRequest, InvalidGrantException invalidGrantException) {
+        String loginName = invalidGrantException.getMessage();
+        logService.recodeAuthExceptionLog(invalidGrantException, httpServletRequest, UserResponseEnum.LOGIN_WRONG_PWD.getMessage(), loginName);
+        HttpResult<String> result = userFeignClient.updateUserLoginErrorTimes(loginName);
+        if (result.getData().equals(UserResponseEnum.LOGIN_USER_LOCKED.getMessage())) {
+            return HttpResultUtil.assembleResult(UserResponseEnum.LOGIN_USER_LOCKED.getCode(), null, UserResponseEnum.LOGIN_USER_LOCKED.getMessage());
+        } else {
+            return HttpResultUtil.assembleResult(UserResponseEnum.LOGIN_WRONG_PWD.getCode(), null, UserResponseEnum.LOGIN_WRONG_PWD.getMessage());
+        }
+    }
+
+
+    /**
+     * 不支持的认证方式
+     * <p>
+     * 不支持的认证方式 目前支持：用户名密码：password、刷新token：refresh-token
+     */
+    @ExceptionHandler(UnsupportedGrantTypeException.class)
+    public HttpResult<String> unsupportedGrantTypeExceptionException(HttpServletRequest httpServletRequest, UnsupportedGrantTypeException unsupportedGrantTypeException) {
+        String loginName = RequestUtil.getLoginName(httpServletRequest);
+        logService.recodeAuthExceptionLog(unsupportedGrantTypeException, httpServletRequest, UserResponseEnum.UNSUPPORTED_GRANT_TYPE.getMessage(), loginName);
+        return HttpResultUtil.assembleResult(UserResponseEnum.UNSUPPORTED_GRANT_TYPE.getCode(), null, UserResponseEnum.UNSUPPORTED_GRANT_TYPE.getMessage());
+    }
+
+    /**
+     * oAuth2中token校验异常
+     */
+    @SneakyThrows
+    @ExceptionHandler(InvalidTokenException.class)
+    public HttpResult<String> invalidTokenExceptionException(HttpServletRequest httpServletRequest, InvalidTokenException invalidTokenException) {
+        final String EXPIRED_KEY = "Invalid refresh token (expired):";
+        if (invalidTokenException.getMessage().startsWith(EXPIRED_KEY)) {
+            String message = invalidTokenException.getMessage();
+            message = message.substring(EXPIRED_KEY.length());
+            JWSObject jwsObject = JWSObject.parse(message);
+            String payload = jwsObject.getPayload().toString();
+            JSONObject jsonObject = JSONUtil.parseObj(payload);
+            logService.recodeAuthExceptionLog(invalidTokenException, httpServletRequest, UserResponseEnum.REFRESH_TOKEN_EXPIRE_JWT.getMessage(), jsonObject.getStr(SecurityConstants.USER_NAME_KEY));
+            return HttpResultUtil.assembleResult(UserResponseEnum.REFRESH_TOKEN_EXPIRE_JWT.getCode(), null, UserResponseEnum.REFRESH_TOKEN_EXPIRE_JWT.getMessage());
+        }
+        logService.recodeAuthExceptionLog(invalidTokenException, httpServletRequest, UserResponseEnum.PARSE_TOKEN_FORBIDDEN_JWT.getMessage(), LogInfo.UNKNOWN_USER);
+        return HttpResultUtil.assembleResult(UserResponseEnum.PARSE_TOKEN_FORBIDDEN_JWT.getCode(), null, UserResponseEnum.PARSE_TOKEN_FORBIDDEN_JWT.getMessage());
+    }
+
+
+}