From 7e38a3a194461babe5b5d942ec47547271e54a8e Mon Sep 17 00:00:00 2001
From: FatttSnake
Date: Sat, 6 May 2023 03:13:29 +0800
Subject: [PATCH] Added login failure handler
---
 .../cfive/pinnacle/config/SecurityConfig.java | 8 ++++++++
 .../pinnacle/entity/common/ResponseCode.java | 1 +
 .../pinnacle/handler/AccessDeniedHandler.java | 19 +++++++++++++++++++
 .../AuthenticationEntryPointHandler.java | 11 ++++++++++-
 4 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 Pinnacle/src/main/java/com/cfive/pinnacle/handler/AccessDeniedHandler.java
diff --git a/Pinnacle/src/main/java/com/cfive/pinnacle/config/SecurityConfig.java b/Pinnacle/src/main/java/com/cfive/pinnacle/config/SecurityConfig.java
index 40920e2..84dcef0 100644
--- a/Pinnacle/src/main/java/com/cfive/pinnacle/config/SecurityConfig.java
+++ b/Pinnacle/src/main/java/com/cfive/pinnacle/config/SecurityConfig.java
@@ -1,6 +1,7 @@
 package com.cfive.pinnacle.config;
 import com.cfive.pinnacle.filter.JwtAuthenticationTokenFilter;
+import com.cfive.pinnacle.handler.AccessDeniedHandler;
 import com.cfive.pinnacle.handler.AuthenticationEntryPointHandler;
 import com.cfive.pinnacle.service.permission.impl.UserDetailsServiceImpl;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -25,6 +26,7 @@ public class SecurityConfig {
 private UserDetailsServiceImpl userDetailsService;
 private JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter;
 private AuthenticationEntryPointHandler authenticationEntryPointHandler;
+ private AccessDeniedHandler accessDeniedHandler;
 @Autowired
 public void setUserDetailsService(UserDetailsServiceImpl userDetailsService) {
@@ -41,6 +43,11 @@ public class SecurityConfig {
 this.authenticationEntryPointHandler = authenticationEntryPointHandler;
 }
+ @Autowired
+ public void setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler) {
+ this.accessDeniedHandler = accessDeniedHandler;
+ }
+
 @Bean
 public PasswordEncoder passwordEncoder() {
 return new BCryptPasswordEncoder();
@@ -94,6 +101,7 @@ public class SecurityConfig {
 .exceptionHandling()
 .authenticationEntryPoint(authenticationEntryPointHandler)
+ .accessDeniedHandler(accessDeniedHandler)
 .and()
 .cors()
diff --git a/Pinnacle/src/main/java/com/cfive/pinnacle/entity/common/ResponseCode.java b/Pinnacle/src/main/java/com/cfive/pinnacle/entity/common/ResponseCode.java
index 3649e12..4ff73df 100644
--- a/Pinnacle/src/main/java/com/cfive/pinnacle/entity/common/ResponseCode.java
+++ b/Pinnacle/src/main/java/com/cfive/pinnacle/entity/common/ResponseCode.java
@@ -22,6 +22,7 @@ public class ResponseCode {
 public static final int DATABASE_CONNECT_ERROR = 20036;
 public static final int UNAUTHORIZED = 30010;
+ public static final int ACCESS_DENIED = 30030;
 public static final int SYSTEM_ERROR = 50001;
 public static final int SYSTEM_TIMEOUT = 50002;
diff --git a/Pinnacle/src/main/java/com/cfive/pinnacle/handler/AccessDeniedHandler.java b/Pinnacle/src/main/java/com/cfive/pinnacle/handler/AccessDeniedHandler.java
new file mode 100644
index 0000000..785d425
--- /dev/null
+++ b/Pinnacle/src/main/java/com/cfive/pinnacle/handler/AccessDeniedHandler.java
@@ -0,0 +1,19 @@
+package com.cfive.pinnacle.handler;
+
+import com.cfive.pinnacle.entity.common.ResponseCode;
+import com.cfive.pinnacle.utils.WebUtil;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.stereotype.Component;
+
+import java.io.IOException;
+
+@Component
+public class AccessDeniedHandler implements org.springframework.security.web.access.AccessDeniedHandler {
+ @Override
+ public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException {
+ String objectResponse = WebUtil.objectResponse(ResponseCode.ACCESS_DENIED, "Access denied", null);
+ WebUtil.renderString(response, objectResponse);
+ }
+}
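Review bot: The new `handle` method in AccessDeniedHandler.java writes the JSON body but never sets an HTTP status, so unless `WebUtil.renderString` (not visible in this diff) does so, a denied request may be answered with 200 and only the body code 30030 marking the failure. Proxies, clients and log-based detections that key on 403 would then miss authorization failures; consider `response.setStatus(HttpServletResponse.SC_FORBIDDEN);` before the render call. The denial is also not recorded anywhere, so a server-side log line with the request URI and the authenticated principal would give repeated denials an audit trail. As a style point, the class shares its simple name with the Spring interface it implements, which forces the fully qualified name in the `implements` clause and makes the import in SecurityConfig easy to misread; a distinct class name would avoid the clash.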
diff --git a/Pinnacle/src/main/java/com/cfive/pinnacle/handler/AuthenticationEntryPointHandler.java b/Pinnacle/src/main/java/com/cfive/pinnacle/handler/AuthenticationEntryPointHandler.java
index c49dfa0..30f9231 100644
--- a/Pinnacle/src/main/java/com/cfive/pinnacle/handler/AuthenticationEntryPointHandler.java
+++ b/Pinnacle/src/main/java/com/cfive/pinnacle/handler/AuthenticationEntryPointHandler.java
@@ -4,6 +4,8 @@ import com.cfive.pinnacle.entity.common.ResponseCode;
 import com.cfive.pinnacle.utils.WebUtil;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.InsufficientAuthenticationException;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.stereotype.Component;
@@ -14,7 +16,14 @@ import java.io.IOException;
 public class AuthenticationEntryPointHandler implements AuthenticationEntryPoint {
 @Override
 public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException {
- String objectResponse = WebUtil.objectResponse(ResponseCode.UNAUTHORIZED, "Unauthorized access", null);
+ String objectResponse;
+ if (authException instanceof BadCredentialsException) {
+ objectResponse = WebUtil.objectResponse(ResponseCode.LOGOUT_FAILED, authException.getMessage(), null);
+ } else if (authException instanceof InsufficientAuthenticationException) {
+ objectResponse = WebUtil.objectResponse(ResponseCode.UNAUTHORIZED, authException.getMessage(), null);
+ } else {
+ objectResponse = WebUtil.objectResponse(ResponseCode.UNAUTHORIZED, authException.getClass().toString() + ": " + authException.getMessage(), null);
+ }
 WebUtil.renderString(response, objectResponse);
 }
 }
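Review bot: The final `else` branch of `commence` sends `authException.getClass().toString() + ": " + authException.getMessage()` to an unauthenticated caller, which exposes internal exception class names and whatever detail the message carries, such as a backend or user-store error wrapped in an authentication exception. Keep the client text generic and move the detail to a server-side log, e.g. `objectResponse = WebUtil.objectResponse(ResponseCode.UNAUTHORIZED, "Unauthorized access", null);`. The `BadCredentialsException` branch uses `ResponseCode.LOGOUT_FAILED`, which looks like a slip for a login-failure code given the commit title; the constant is defined outside this diff, so confirm which code is intended. The first two branches also pass `authException.getMessage()` straight through, and a fixed message per branch would keep responses uniform across failure causes.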