未登录或权限不足返回修改

o2server/x_base_core_project/src/main/java/com/x/base/core/project/exception/ExceptionUnauthorized.java

+package com.x.base.core.project.exception;
+
+public class ExceptionUnauthorized extends LanguagePromptException {
+
+	private static final long serialVersionUID = 8121998765154409958L;
+
+	public ExceptionUnauthorized() {
+		super("会话已过期或未登录.");
+	}
+}

o2server/x_base_core_project/src/main/java/com/x/base/core/project/jaxrs/CipherJaxrsFilter.java

@@ -11,10 +11,10 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import com.x.base.core.project.config.Config;
-import com.x.base.core.project.http.EffectivePerson;
-import com.x.base.core.project.http.FilterTools;
-import com.x.base.core.project.http.HttpToken;
-import com.x.base.core.project.http.TokenType;
+import com.x.base.core.project.exception.ExceptionAccessDenied;
+import com.x.base.core.project.exception.ExceptionUnauthorized;
+import com.x.base.core.project.http.*;
+import org.apache.commons.lang3.StringUtils;
 
 /**
  * 必须由前台已经登陆的用户访问
@@ -30,11 +30,30 @@ public abstract class CipherJaxrsFilter extends TokenFilter {
 			if (!request.getMethod().equalsIgnoreCase("options")) {
 				HttpToken httpToken = new HttpToken();
 				EffectivePerson effectivePerson = httpToken.who(request, response, Config.token().getCipher());
-				if (!TokenType.cipher.equals(effectivePerson.getTokenType())) {
+				if (TokenType.anonymous.equals(effectivePerson.getTokenType())) {
+					/** 401 Unauthorized 未登录访问被拒绝 */
+					response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+					response.setHeader("Content-Type", "application/json;charset=UTF-8");
+					ActionResult result = new ActionResult();
+					ExceptionUnauthorized e = new ExceptionUnauthorized();
+					result.error(e);
+					String message = e.getFormatMessage(result.getPrompt(), request.getHeader(ResponseFactory.Accept_Language));
+					if(StringUtils.isNotBlank(message)) {
+						result.setMessage(message);
+					}
+					response.getWriter().write(result.toJson());
+				} else if (!TokenType.cipher.equals(effectivePerson.getTokenType())) {
 					/** 需要自己标志500 */
-					response.setStatus(500);
+					response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
 					response.setHeader("Content-Type", "application/json;charset=UTF-8");
-					response.getWriter().write(FilterTools.Application_Not_Cipher_Json);
+					ActionResult result = new ActionResult();
+					ExceptionAccessDenied e = new ExceptionAccessDenied(effectivePerson);
+					result.error(e);
+					String message = e.getFormatMessage(result.getPrompt(), request.getHeader(ResponseFactory.Accept_Language));
+					if(StringUtils.isNotBlank(message)) {
+						result.setMessage(message);
+					}
+					response.getWriter().write(result.toJson());
 				} else {
 					chain.doFilter(request, response);
 				}

o2server/x_base_core_project/src/main/java/com/x/base/core/project/jaxrs/CipherManagerJaxrsFilter.java

@@ -11,10 +11,10 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import com.x.base.core.project.config.Config;
-import com.x.base.core.project.http.EffectivePerson;
-import com.x.base.core.project.http.FilterTools;
-import com.x.base.core.project.http.HttpToken;
-import com.x.base.core.project.http.TokenType;
+import com.x.base.core.project.exception.ExceptionAccessDenied;
+import com.x.base.core.project.exception.ExceptionUnauthorized;
+import com.x.base.core.project.http.*;
+import org.apache.commons.lang3.StringUtils;
 
 /**
  * 必须由前台已经登陆的用户访问
@@ -30,12 +30,31 @@ public abstract class CipherManagerJaxrsFilter extends TokenFilter {
 			if (!request.getMethod().equalsIgnoreCase("options")) {
 				HttpToken httpToken = new HttpToken();
 				EffectivePerson effectivePerson = httpToken.who(request, response, Config.token().getCipher());
-				if ((!TokenType.cipher.equals(effectivePerson.getTokenType()))
+				if (TokenType.anonymous.equals(effectivePerson.getTokenType())) {
+					/** 401 Unauthorized 未登录访问被拒绝 */
+					response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+					response.setHeader("Content-Type", "application/json;charset=UTF-8");
+					ActionResult result = new ActionResult();
+					ExceptionUnauthorized e = new ExceptionUnauthorized();
+					result.error(e);
+					String message = e.getFormatMessage(result.getPrompt(), request.getHeader(ResponseFactory.Accept_Language));
+					if(StringUtils.isNotBlank(message)) {
+						result.setMessage(message);
+					}
+					response.getWriter().write(result.toJson());
+				} else if ((!TokenType.cipher.equals(effectivePerson.getTokenType()))
 						&& (!TokenType.manager.equals(effectivePerson.getTokenType()))) {
 					/** 需要自己标志500 */
-					response.setStatus(500);
+					response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
 					response.setHeader("Content-Type", "application/json;charset=UTF-8");
-					response.getWriter().write(FilterTools.Application_Not_CipherManager_Json);
+					ActionResult result = new ActionResult();
+					ExceptionAccessDenied e = new ExceptionAccessDenied(effectivePerson);
+					result.error(e);
+					String message = e.getFormatMessage(result.getPrompt(), request.getHeader(ResponseFactory.Accept_Language));
+					if(StringUtils.isNotBlank(message)) {
+						result.setMessage(message);
+					}
+					response.getWriter().write(result.toJson());
 				} else {
 					chain.doFilter(request, response);
 				}

o2server/x_base_core_project/src/main/java/com/x/base/core/project/jaxrs/CipherManagerUserJaxrsFilter.java

@@ -11,10 +11,9 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import com.x.base.core.project.config.Config;
-import com.x.base.core.project.http.EffectivePerson;
-import com.x.base.core.project.http.FilterTools;
-import com.x.base.core.project.http.HttpToken;
-import com.x.base.core.project.http.TokenType;
+import com.x.base.core.project.exception.ExceptionUnauthorized;
+import com.x.base.core.project.http.*;
+import org.apache.commons.lang3.StringUtils;
 
 /**
  * 必须由前台已经登陆的用户访问
@@ -31,10 +30,17 @@ public abstract class CipherManagerUserJaxrsFilter extends TokenFilter {
 				HttpToken httpToken = new HttpToken();
 				EffectivePerson effectivePerson = httpToken.who(request, response, Config.token().getCipher());
 				if (TokenType.anonymous.equals(effectivePerson.getTokenType())) {
-					/** 需要自己标志500 */
-					response.setStatus(500);
+					/** 401 Unauthorized 未登录访问被拒绝 */
+					response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
 					response.setHeader("Content-Type", "application/json;charset=UTF-8");
-					response.getWriter().write(FilterTools.Application_Not_CipherManagerUser_Json);
+					ActionResult result = new ActionResult();
+					ExceptionUnauthorized e = new ExceptionUnauthorized();
+					result.error(e);
+					String message = e.getFormatMessage(result.getPrompt(), request.getHeader(ResponseFactory.Accept_Language));
+					if(StringUtils.isNotBlank(message)) {
+						result.setMessage(message);
+					}
+					response.getWriter().write(result.toJson());
 				} else {
 					chain.doFilter(request, response);
 				}

o2server/x_base_core_project/src/main/java/com/x/base/core/project/jaxrs/ManagerUserJaxrsFilter.java

@@ -11,10 +11,9 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import com.x.base.core.project.config.Config;
-import com.x.base.core.project.http.EffectivePerson;
-import com.x.base.core.project.http.FilterTools;
-import com.x.base.core.project.http.HttpToken;
-import com.x.base.core.project.http.TokenType;
+import com.x.base.core.project.exception.ExceptionUnauthorized;
+import com.x.base.core.project.http.*;
+import org.apache.commons.lang3.StringUtils;
 
 /**
  * 必须由前台已经登陆的用户访问
@@ -31,11 +30,18 @@ public abstract class ManagerUserJaxrsFilter extends TokenFilter {
 				HttpToken httpToken = new HttpToken();
 				EffectivePerson effectivePerson = httpToken.who(request, response, Config.token().getCipher());
 				if (TokenType.anonymous.equals(effectivePerson.getTokenType())) {
-					/** 需要自己标志500 */
-					response.setStatus(500);
+					/** 401 Unauthorized 未登录访问被拒绝 */
+					response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
 					response.setHeader("Content-Type", "application/json;charset=UTF-8");
-					response.getWriter().write(FilterTools.Application_Not_ManagerUser_Json);
-				} else {
+					ActionResult result = new ActionResult();
+					ExceptionUnauthorized e = new ExceptionUnauthorized();
+					result.error(e);
+					String message = e.getFormatMessage(result.getPrompt(), request.getHeader(ResponseFactory.Accept_Language));
+					if(StringUtils.isNotBlank(message)) {
+						result.setMessage(message);
+					}
+					response.getWriter().write(result.toJson());
+				}  else {
 					chain.doFilter(request, response);
 				}
 			} else {

o2server/x_base_core_project/src/main/java/com/x/base/core/project/jaxrs/UserJaxrsFilter.java

@@ -11,10 +11,10 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import com.x.base.core.project.config.Config;
-import com.x.base.core.project.http.EffectivePerson;
-import com.x.base.core.project.http.FilterTools;
-import com.x.base.core.project.http.HttpToken;
-import com.x.base.core.project.http.TokenType;
+import com.x.base.core.project.exception.ExceptionAccessDenied;
+import com.x.base.core.project.exception.ExceptionUnauthorized;
+import com.x.base.core.project.http.*;
+import org.apache.commons.lang3.StringUtils;
 
 /**
  * 必须由前台已经登陆的用户访问
@@ -30,11 +30,30 @@ public abstract class UserJaxrsFilter extends TokenFilter {
 			if (!request.getMethod().equalsIgnoreCase("options")) {
 				HttpToken httpToken = new HttpToken();
 				EffectivePerson effectivePerson = httpToken.who(request, response, Config.token().getCipher());
-				if (!TokenType.user.equals(effectivePerson.getTokenType())) {
+				if (TokenType.anonymous.equals(effectivePerson.getTokenType())) {
+					/** 401 Unauthorized 未登录访问被拒绝 */
+					response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+					response.setHeader("Content-Type", "application/json;charset=UTF-8");
+					ActionResult result = new ActionResult();
+					ExceptionUnauthorized e = new ExceptionUnauthorized();
+					result.error(e);
+					String message = e.getFormatMessage(result.getPrompt(), request.getHeader(ResponseFactory.Accept_Language));
+					if(StringUtils.isNotBlank(message)) {
+						result.setMessage(message);
+					}
+					response.getWriter().write(result.toJson());
+				} if (!TokenType.user.equals(effectivePerson.getTokenType())) {
 					/** 需要自己标志500 */
-					response.setStatus(500);
+					response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
 					response.setHeader("Content-Type", "application/json;charset=UTF-8");
-					response.getWriter().write(FilterTools.Application_Not_User_Json);
+					ActionResult result = new ActionResult();
+					ExceptionAccessDenied e = new ExceptionAccessDenied(effectivePerson);
+					result.error(e);
+					String message = e.getFormatMessage(result.getPrompt(), request.getHeader(ResponseFactory.Accept_Language));
+					if(StringUtils.isNotBlank(message)) {
+						result.setMessage(message);
+					}
+					response.getWriter().write(result.toJson());
 				} else {
 					chain.doFilter(request, response);
 				}