init

src/main/java/com/tanqidi/survey/config/OAuth2LoginSecurityConfig.java

@@ -56,13 +56,17 @@ public class OAuth2LoginSecurityConfig {
                 .oauth2Login(oauth2 -> oauth2 //
                         .userInfoEndpoint(userInfo -> userInfo //
                                 .oidcUserService(this.oidcUserService())))
-                .csrf(csrf -> csrf //
-                        // https://docs.spring.io/spring-security/reference/servlet/exploits/csrf.html#csrf-token-repository-cookie
+                .csrf(csrf -> csrf
                         .ignoringRequestMatchers("/logout", "/api"))
-                .logout(logout -> logout //
-                        .addLogoutHandler(new KeycloakLogoutHandler(restTemplateBuilder.build())) //
-                        // https://docs.spring.io/spring-security/reference/servlet/authentication/logout.html#clear-all-site-data
-                        .addLogoutHandler(new HeaderWriterLogoutHandler(new ClearSiteDataHeaderWriter(Directive.ALL))));
+                .logout(logout -> logout
+                        .addLogoutHandler(new KeycloakLogoutHandler(restTemplateBuilder.build()))
+                        .addLogoutHandler(new HeaderWriterLogoutHandler(new ClearSiteDataHeaderWriter(Directive.ALL))))
+                .exceptionHandling(handling -> handling
+                        .accessDeniedHandler((request, response, exception) -> {
+                            response.setContentType("application/json;charset=UTF-8");
+                            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
+                            response.getWriter().write("{\"code\":403,\"message\":\"没有权限访问该资源\",\"data\":null}");
+                        }));
         return http.build();
     }