feat(security): 添加自定义认证和授权异常处理器

- 新增 JwtAccessDeniedHandler 处理权限不足异常
- 新增 JwtAuthenticationEntryPoint 处理认证失败异常- 在 SecurityConfig 中集成自定义异常处理器
- 优化 GlobalExceptionHandler 中的异常日志输出

biji-houdaun/src/main/java/com/test/bijihoudaun/config/SecurityConfig.java

@@ -1,9 +1,7 @@
 package com.test.bijihoudaun.config;
 
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import com.test.bijihoudaun.config.security.JwtAccessDeniedHandler;
+import com.test.bijihoudaun.config.security.JwtAuthenticationEntryPoint;
 import com.test.bijihoudaun.interceptor.JwtAuthenticationTokenFilter;
 import com.test.bijihoudaun.util.JwtTokenUtil;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -29,6 +27,12 @@ public class SecurityConfig {
     @Autowired
     private JwtTokenUtil jwtTokenUtil;
 
+    @Autowired
+    private JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;
+
+    @Autowired
+    private JwtAccessDeniedHandler jwtAccessDeniedHandler;
+
     @Value("${jwt.header}")
     private String tokenHeader;
 
@@ -51,6 +55,11 @@ public class SecurityConfig {
                         .requestMatchers("/doc.html", "/webjars/**", "/v3/api-docs/**", "/api/user/login", "/api/user/register").permitAll()
                         .requestMatchers(org.springframework.http.HttpMethod.GET).permitAll()
                         .anyRequest().authenticated()
+                )
+                // 添加自定义的异常处理器
+                .exceptionHandling(exceptions -> exceptions
+                        .authenticationEntryPoint(jwtAuthenticationEntryPoint)
+                        .accessDeniedHandler(jwtAccessDeniedHandler)
                 );
 
         // 在这里添加JWT过滤器