From 1f2a56dd37fd3252b544cd831439afd820f4024b Mon Sep 17 00:00:00 2001 From: wangxiangshun Date: Sun, 26 Oct 2025 13:03:34 +0800 Subject: [PATCH] =?UTF-8?q?=E5=BC=82=E5=B8=B8=E4=BF=A1=E6=81=AF=E5=A4=84?= =?UTF-8?q?=E7=90=86?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../src/main/resources/application.yml | 4 +++ .../web/exception/GlobalExceptionHandler.java | 30 +++++++++++++------ .../web/service/SysRegisterService.java | 1 + 3 files changed, 26 insertions(+), 9 deletions(-) diff --git a/vetti-admin/src/main/resources/application.yml b/vetti-admin/src/main/resources/application.yml index 92c58d2..971effa 100644 --- a/vetti-admin/src/main/resources/application.yml +++ b/vetti-admin/src/main/resources/application.yml @@ -70,6 +70,10 @@ swagger: pathMapping: /prod-api #################################### Swagger end ################################### +server: + error: + include-stacktrace: never # 永不输出 trace 信息 + # 防止XSS攻击 xss: # 过滤开关 diff --git a/vetti-framework/src/main/java/com/vetti/framework/web/exception/GlobalExceptionHandler.java b/vetti-framework/src/main/java/com/vetti/framework/web/exception/GlobalExceptionHandler.java index a845e25..17a18f9 100644 --- a/vetti-framework/src/main/java/com/vetti/framework/web/exception/GlobalExceptionHandler.java +++ b/vetti-framework/src/main/java/com/vetti/framework/web/exception/GlobalExceptionHandler.java @@ -1,6 +1,8 @@ package com.vetti.framework.web.exception; import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.security.access.AccessDeniedException; 
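Review bot: `include-stacktrace: never` in the added `server.error` block only governs Spring Boot's fallback error response; it has no effect on the bodies built by GlobalExceptionHandler in this same patch, which still return `e.getMessage()` to the caller. If the aim is to keep internals out of responses, make `include-message: never` explicit next to it, so the fallback path also stays quiet when a handler itself fails. The earlier part of application.yml is outside this hunk; if a top-level `server:` key already exists there, this second one would be a duplicate key, which Spring Boot's YAML loader is likely to reject at startup, so the `error:` entry should be merged into the existing block instead.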
@@ -29,13 +31,15 @@ public class GlobalExceptionHandler { private static final Logger log = LoggerFactory.getLogger(GlobalExceptionHandler.class); + /** * 权限校验异常 */ @ExceptionHandler(AccessDeniedException.class) - public AjaxResult handleAccessDeniedException(AccessDeniedException e, HttpServletRequest request) + public AjaxResult handleAccessDeniedException(AccessDeniedException e, HttpServletRequest request, HttpServletResponse response) { String requestURI = request.getRequestURI(); + response.setStatus(HttpStatus.FORBIDDEN); log.error("请求地址'{}',权限校验失败'{}'", requestURI, e.getMessage()); return AjaxResult.error(HttpStatus.FORBIDDEN, "没有权限,请联系管理员授权"); } @@ -45,10 +49,11 @@ public class GlobalExceptionHandler */ @ExceptionHandler(HttpRequestMethodNotSupportedException.class) public AjaxResult handleHttpRequestMethodNotSupported(HttpRequestMethodNotSupportedException e, - HttpServletRequest request) + HttpServletRequest request, HttpServletResponse response) { String requestURI = request.getRequestURI(); log.error("请求地址'{}',不支持'{}'请求", requestURI, e.getMethod()); + response.setStatus(HttpStatus.ERROR); return AjaxResult.error(e.getMessage()); } @@ -56,10 +61,11 @@ public class GlobalExceptionHandler * 业务异常 */ @ExceptionHandler(ServiceException.class) - public AjaxResult handleServiceException(ServiceException e, HttpServletRequest request) + public AjaxResult handleServiceException(ServiceException e, HttpServletRequest request, HttpServletResponse response) { log.error(e.getMessage(), e); Integer code = e.getCode(); + response.setStatus(code); return StringUtils.isNotNull(code) ? AjaxResult.error(code, e.getMessage()) : AjaxResult.error(e.getMessage()); } 
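Review bot: In handleHttpRequestMethodNotSupported the new `response.setStatus(HttpStatus.ERROR)` reports a client mistake with the generic error status (presumably 500; the constant's value is not shown here). The same line is added to the MissingPathVariableException, MethodArgumentTypeMismatchException, BindException and MethodArgumentNotValidException handlers in later hunks. Counting malformed requests as server failures makes 5xx alerting noisy and lets real faults hide among probing traffic. Prefer the matching client status, e.g. `response.setStatus(HttpServletResponse.SC_METHOD_NOT_ALLOWED);` here and `response.setStatus(HttpServletResponse.SC_BAD_REQUEST);` in the validation handlers.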
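Review bot: `response.setStatus(code)` in handleServiceException unboxes `code` before the null check on the following line, so a ServiceException without a code would raise a NullPointerException inside the handler itself. The `StringUtils.isNotNull(code)` branch shows that case is expected, and SysRegisterService in this patch throws one with only a message. `code` also looks like a business code rather than an HTTP status, so it may fall outside the valid status range. Guard and bound it, e.g. `int status = (code != null && code >= 400 && code <= 599) ? code : HttpStatus.ERROR;` followed by `response.setStatus(status);`.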
@@ -67,10 +73,11 @@ public class GlobalExceptionHandler * 请求路径中缺少必需的路径变量 */ @ExceptionHandler(MissingPathVariableException.class) - public AjaxResult handleMissingPathVariableException(MissingPathVariableException e, HttpServletRequest request) + public AjaxResult handleMissingPathVariableException(MissingPathVariableException e, HttpServletRequest request, HttpServletResponse response) { String requestURI = request.getRequestURI(); log.error("请求路径中缺少必需的路径变量'{}',发生系统异常.", requestURI, e); + response.setStatus(HttpStatus.ERROR); return AjaxResult.error(String.format("请求路径中缺少必需的路径变量[%s]", e.getVariableName())); } @@ -78,7 +85,7 @@ public class GlobalExceptionHandler * 请求参数类型不匹配 */ @ExceptionHandler(MethodArgumentTypeMismatchException.class) - public AjaxResult handleMethodArgumentTypeMismatchException(MethodArgumentTypeMismatchException e, HttpServletRequest request) + public AjaxResult handleMethodArgumentTypeMismatchException(MethodArgumentTypeMismatchException e, HttpServletRequest request, HttpServletResponse response) { String requestURI = request.getRequestURI(); String value = Convert.toStr(e.getValue()); @@ -86,6 +93,7 @@ public class GlobalExceptionHandler { value = EscapeUtil.clean(value); } + response.setStatus(HttpStatus.ERROR); log.error("请求参数类型不匹配'{}',发生系统异常.", requestURI, e); return AjaxResult.error(String.format("请求参数类型不匹配,参数[%s]要求类型为:'%s',但输入值为:'%s'", e.getName(), e.getRequiredType().getName(), value)); } @@ -94,10 +102,11 @@ public class GlobalExceptionHandler * 拦截未知的运行时异常 */ @ExceptionHandler(RuntimeException.class) - public AjaxResult handleRuntimeException(RuntimeException e, HttpServletRequest request) + public AjaxResult handleRuntimeException(RuntimeException e, HttpServletRequest request, HttpServletResponse response) { String requestURI = request.getRequestURI(); log.error("请求地址'{}',发生未知异常.", requestURI, e); + response.setStatus(HttpStatus.ERROR); return AjaxResult.error(e.getMessage()); } 
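Review bot: handleRuntimeException still ends with `return AjaxResult.error(e.getMessage());`, so the raw message of any unexpected exception is sent to the caller; the handleException hunk that follows does the same. Such messages can carry SQL fragments, class names or file paths, which is the kind of detail the `include-stacktrace: never` setting in this patch is meant to hide. The full exception is already logged with the request URI, so the response can carry a fixed text instead, for example `return AjaxResult.error("<generic error message>");`, optionally with a request id that ties it to the log entry.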
@@ -105,10 +114,11 @@ public class GlobalExceptionHandler * 系统异常 */ @ExceptionHandler(Exception.class) - public AjaxResult handleException(Exception e, HttpServletRequest request) + public AjaxResult handleException(Exception e, HttpServletRequest request, HttpServletResponse response) { String requestURI = request.getRequestURI(); log.error("请求地址'{}',发生系统异常.", requestURI, e); + response.setStatus(HttpStatus.ERROR); return AjaxResult.error(e.getMessage()); } @@ -116,9 +126,10 @@ public class GlobalExceptionHandler * 自定义验证异常 */ @ExceptionHandler(BindException.class) - public AjaxResult handleBindException(BindException e) + public AjaxResult handleBindException(BindException e, HttpServletResponse response) { log.error(e.getMessage(), e); + response.setStatus(HttpStatus.ERROR); String message = e.getAllErrors().get(0).getDefaultMessage(); return AjaxResult.error(message); } @@ -127,9 +138,10 @@ public class GlobalExceptionHandler * 自定义验证异常 */ @ExceptionHandler(MethodArgumentNotValidException.class) - public Object handleMethodArgumentNotValidException(MethodArgumentNotValidException e) + public Object handleMethodArgumentNotValidException(MethodArgumentNotValidException e, HttpServletResponse response) { log.error(e.getMessage(), e); + response.setStatus(HttpStatus.ERROR); String message = e.getBindingResult().getFieldError().getDefaultMessage(); return AjaxResult.error(message); } diff --git a/vetti-framework/src/main/java/com/vetti/framework/web/service/SysRegisterService.java b/vetti-framework/src/main/java/com/vetti/framework/web/service/SysRegisterService.java index 9c87374..0f25ba0 100644 --- a/vetti-framework/src/main/java/com/vetti/framework/web/service/SysRegisterService.java +++ b/vetti-framework/src/main/java/com/vetti/framework/web/service/SysRegisterService.java 
@@ -61,6 +61,7 @@ public class SysRegisterService //方便测试app的让过 if (!loginWhitelist.contains(registerBody.getUsername())) { throw new ServiceException(MessageUtils.messageCustomize("systemExceptionSysAppLoginServiceImpl10005")); +// throw new IllegalArgumentException(MessageUtils.messageCustomize("systemExceptionSysAppLoginServiceImpl10005")); } } }
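Review bot: The only line this hunk adds is a commented-out `throw new IllegalArgumentException(...)` alternative, which should be deleted rather than committed; version control already keeps the history, and the dead line leaves it unclear which exception type is intended. The enclosing method starts outside the hunk, so the purpose of `loginWhitelist` can only be inferred from the comment above it, which reads as a convenience for app testing. If the whitelist lets listed usernames skip a verification step, a comment such as `// test-only bypass: must be empty outside test profiles` would make that constraint visible to the next maintainer.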