
2 Commits

Author SHA1 Message Date
zkh
01d29e6ec3 feat(security): 更新安全配置并升级框架版本
- 将父项目版本从 1.5.7 升级到 1.5.8
- 在 WebSecurityConfig 中注入 SecurityProps 配置
- 修改 CustomAuthenticationEntryPoint 构造函数以接受 securityProps 参数
- 将硬编码的访问令牌持续时间替换为 securityProps 配置值
- 将认证失败响应状态码从 401 更改为 40
- 为 zkh-web 模块添加 spring-boot-starter-aop 依赖
2026-01-21 12:04:00 +08:00
zkh
06b5258824 refactor(error): 移除全局异常处理器中的重复状态码注解
- 移除 MethodArgumentNotValidException 处理器的 @ResponseStatus 注解
- 移除 ConstraintViolationException 处理器的 @ResponseStatus 注解
- 统一通过返回结果对象控制响应状态码
- 简化异常处理逻辑,提高代码一致性
2026-01-17 12:25:28 +08:00
8 changed files with 15 additions and 12 deletions


@ -6,7 +6,7 @@
<groupId>vip.jcfd</groupId>
<artifactId>zkh-framework</artifactId>
<version>1.5.7</version>
<version>1.5.8</version>
<packaging>pom</packaging>
<name>ZKH Framework</name>
<description>A Java framework for ZKH applications</description>


@ -6,7 +6,7 @@
<parent>
<groupId>vip.jcfd</groupId>
<artifactId>zkh-framework</artifactId>
<version>1.5.7</version>
<version>1.5.8</version>
</parent>
<artifactId>zkh-common</artifactId>


@ -6,7 +6,7 @@
<parent>
<groupId>vip.jcfd</groupId>
<artifactId>zkh-framework</artifactId>
<version>1.5.7</version>
<version>1.5.8</version>
</parent>
<artifactId>zkh-data</artifactId>


@ -6,7 +6,7 @@
<parent>
<groupId>vip.jcfd</groupId>
<artifactId>zkh-framework</artifactId>
<version>1.5.7</version>
<version>1.5.8</version>
</parent>
<artifactId>zkh-file</artifactId>


@ -6,7 +6,7 @@
<parent>
<groupId>vip.jcfd</groupId>
<artifactId>zkh-framework</artifactId>
<version>1.5.7</version>
<version>1.5.8</version>
</parent>
<artifactId>zkh-log</artifactId>


@ -7,7 +7,7 @@
<parent>
<groupId>vip.jcfd</groupId>
<artifactId>zkh-framework</artifactId>
<version>1.5.7</version>
<version>1.5.8</version>
</parent>
<artifactId>zkh-web</artifactId>
@ -23,6 +23,10 @@
<groupId>vip.jcfd</groupId>
<artifactId>zkh-log</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-aop</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>


@ -64,7 +64,6 @@ public class GlobalExceptionHandler {
* 处理 @RequestBody + @Valid 校验失败
*/
@ExceptionHandler(MethodArgumentNotValidException.class)
@ResponseStatus(HttpStatus.BAD_REQUEST)
public R<?> handleMethodArgumentNotValid(MethodArgumentNotValidException ex) {
log.error("接口入参校验失败", ex);
BindingResult bindingResult = ex.getBindingResult();
@ -82,7 +81,6 @@ public class GlobalExceptionHandler {
* 处理 @RequestParam / @PathVariable 校验失败
*/
@ExceptionHandler(ConstraintViolationException.class)
@ResponseStatus(HttpStatus.BAD_REQUEST)
public R<?> handleConstraintViolation(ConstraintViolationException ex) {
log.error("接口入参校验失败", ex);
String msg = ex.getConstraintViolations()


@ -115,7 +115,7 @@ public class WebSecurityConfig {
config.requestMatchers(securityProps.getIgnoreUrls()).permitAll();
config.anyRequest().authenticated();
});
CustomAuthenticationEntryPoint authenticationEntryPoint = new CustomAuthenticationEntryPoint(objectMapper, tokenRedisStorage);
CustomAuthenticationEntryPoint authenticationEntryPoint = new CustomAuthenticationEntryPoint(objectMapper, tokenRedisStorage, securityProps);
http.formLogin(config -> {
config.loginProcessingUrl("/login");
});
@ -140,7 +140,8 @@ public class WebSecurityConfig {
private record CustomAuthenticationEntryPoint(
ObjectMapper objectMapper,
TokenRedisStorage tokenRedisStorage) implements AuthenticationEntryPoint, AuthenticationFailureHandler, AuthenticationSuccessHandler {
TokenRedisStorage tokenRedisStorage,
SecurityProps securityProps) implements AuthenticationEntryPoint, AuthenticationFailureHandler, AuthenticationSuccessHandler {
@Override
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
log.warn("访问 {} ,但是认证失败", request.getRequestURI(), authException);
@ -152,7 +153,7 @@ public class WebSecurityConfig {
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
log.warn("登录失败", exception);
R<Object> data = new R<>(HttpServletResponse.SC_UNAUTHORIZED, "用户名或密码错误", false, null);
R<Object> data = new R<>(HttpServletResponse.SC_BAD_REQUEST, "用户名或密码错误", false, null);
response.setContentType("application/json;charset=UTF-8");
objectMapper.writeValue(response.getWriter(), data);
}
@ -177,7 +178,7 @@ public class WebSecurityConfig {
accessToken,
refreshToken,
"Bearer",
1800, // 30分钟秒数
securityProps.getDuration().getSeconds(), // 30分钟秒数
authentication.getName()
);
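Review bot: In `onAuthenticationFailure` the failed-login body now carries `HttpServletResponse.SC_BAD_REQUEST`, and the method as shown never calls `response.setStatus(...)`, so as far as this section shows a wrong password is answered with the default HTTP 200 and an application code of 400. Failed logins then look like malformed requests to anything keyed on 401 (access-log alerting, lockout or rate-limit rules for password guessing), so if 400 is deliberate, say why in a comment and confirm login failures are still counted somewhere. Otherwise keep `HttpServletResponse.SC_UNAUTHORIZED` in the body and add `response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);` before `objectMapper.writeValue(...)`. In the last hunk the trailing comment `// 30分钟秒数` is stale now that the value comes from `securityProps.getDuration().getSeconds()`; it should read something like `// access-token lifetime in seconds, from SecurityProps`. The reported lifetime should also be the same duration the token store applies for expiry, which is not visible in this section.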