SpringBoot?Security的自定義異常處理
SpringBoot Security自定義異常
access_denied 方面異常
原異常
{ "error": "access_denied", "error_description": "不允許訪問" }
現(xiàn)異常
{ "success": false, "error": "access_denied", "status": 403, "message": "不允許訪問", "path": "/user/get1", "timestamp": 1592378892768 }
實(shí)現(xiàn)
public class ResourceServerConfig extends ResourceServerConfigurerAdapter { @Override public void configure(ResourceServerSecurityConfigurer resources) { // access_denied 方面異常 OAuth2AccessDeniedHandler oAuth2AccessDeniedHandler = new OAuth2AccessDeniedHandler(); oAuth2AccessDeniedHandler.setExceptionTranslator(new CustomWebResponseExceptionTranslator()); resources.accessDeniedHandler(oAuth2AccessDeniedHandler); } }
Invalid access token 方面異常
原異常
{ "error": "invalid_token", "error_description": "Invalid access token: 4eb58ecf-e66de-4155-9477-64a1c9805cc8" }
現(xiàn)異常
{ "success": false, "error": "invalid_token", "status": 401, "message": "Invalid access token: 8cd45925dbf6-4502-bd13-8101bc6e1d4b", "path": "/user/get1", "timestamp": 1592378949452 }
實(shí)現(xiàn)
public class ResourceServerConfig extends ResourceServerConfigurerAdapter { @Override public void configure(ResourceServerSecurityConfigurer resources) { // Invalid access token 方面異常 OAuth2AuthenticationEntryPoint authenticationEntryPoint = new OAuth2AuthenticationEntryPoint(); authenticationEntryPoint.setExceptionTranslator(new CustomWebResponseExceptionTranslator()); resources.authenticationEntryPoint(authenticationEntryPoint); } }
Bad credentials 方面異常(登陸出錯(cuò))
原異常
{ "error": "invalid_grant", "error_description": "用戶名或密碼錯(cuò)誤" }
現(xiàn)異常
{ "success": false, "error": "invalid_grant", "status": 400, "message": "用戶名或密碼錯(cuò)誤", "path": "/oauth/token", "timestamp": 1592384576019 }
實(shí)現(xiàn)
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter { @Override public void configure(AuthorizationServerEndpointsConfigurer endpoints) { endpoints.userDetailsService(detailsService) .tokenStore(memoryTokenStore()) .exceptionTranslator(new CustomWebResponseExceptionTranslator()) .authenticationManager(authenticationManager) //接收GET和POST .allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST); } }
其他類
@Getter @JsonSerialize(using = CustomOauthExceptionSerializer.class) public class CustomOauthException extends OAuth2Exception { private String oAuth2ErrorCode; private int httpErrorCode; public CustomOauthException(String msg, String oAuth2ErrorCode, int httpErrorCode) { super(msg); this.oAuth2ErrorCode = oAuth2ErrorCode; this.httpErrorCode = httpErrorCode; } }
public class CustomOauthExceptionSerializer extends StdSerializer<CustomOauthException> { private static final long serialVersionUID = 2652127645704345563L; public CustomOauthExceptionSerializer() { super(CustomOauthException.class); } @Override public void serialize(CustomOauthException value, JsonGenerator gen, SerializerProvider provider) throws IOException { gen.writeStartObject(); HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest(); gen.writeObjectField("success",false); gen.writeObjectField("error",value.getOAuth2ErrorCode()); gen.writeObjectField("status", value.getHttpErrorCode()); gen.writeObjectField("message", value.getMessage()); gen.writeObjectField("path", request.getServletPath()); gen.writeObjectField("timestamp", (new Date()).getTime()); if (value.getAdditionalInformation()!=null) { for (Map.Entry<String, String> entry : value.getAdditionalInformation().entrySet()) { String key = entry.getKey(); String add = entry.getValue(); gen.writeObjectField(key, add); } } gen.writeEndObject(); } }
public class CustomWebResponseExceptionTranslator extends DefaultWebResponseExceptionTranslator { @Override public ResponseEntity<OAuth2Exception> translate(Exception e) throws Exception { ResponseEntity<OAuth2Exception> translate = super.translate(e); OAuth2Exception body = translate.getBody(); CustomOauthException customOauthException = new CustomOauthException(body.getMessage(),body.getOAuth2ErrorCode(),body.getHttpErrorCode()); ResponseEntity<OAuth2Exception> response = new ResponseEntity<>(customOauthException, translate.getHeaders(), translate.getStatusCode()); return response; } }
補(bǔ)充
{ "error": "invalid_client", "error_description": "Bad client credentials" }
如果client_secret錯(cuò)誤依然還是報(bào)錯(cuò),如上內(nèi)容,針對(duì)這個(gè)異常需要在如下方法中的addTokenEndpointAuthenticationFilter添加過濾器處理
@Override public void configure(AuthorizationServerSecurityConfigurer oauthServer) { oauthServer // 開啟/oauth/token_key驗(yàn)證端口無權(quán)限訪問 .tokenKeyAccess("permitAll()") // 開啟/oauth/check_token驗(yàn)證端口認(rèn)證權(quán)限訪問 .checkTokenAccess("isAuthenticated()") .addTokenEndpointAuthenticationFilter(null) .allowFormAuthenticationForClients(); }
SpringSecurity自定義響應(yīng)異常信息
此處的異常信息設(shè)置的話,其中還是有坑的,比如你想自定義token過期信息,無效token這些,如果按照SpringSecurity的設(shè)置是不會(huì)生效的,需要加到資源的配置中。
如果只是SpringSecurity的話,只需要實(shí)現(xiàn)AccessDeniedHandler和AuthenticationEntryPoint這2個(gè)接口就可以了。他們都是在ExceptionTranslationFilter中生效的。
AuthenticationEntryPoint
用來解決匿名用戶訪問無權(quán)限資源時(shí)的異常ruAccessDeineHandler
用來解決認(rèn)證過的用戶訪問無權(quán)限資源時(shí)的異常
如果你想自定義token過期的話,需要實(shí)現(xiàn)AuthenticationEntryPoint這個(gè)接口,因?yàn)閠oken過期了,訪問的話也算是匿名訪問。
但是SpringSecurity的過濾器鏈中其實(shí)是有順序的,校驗(yàn)token的OAuth2AuthenticationProcessingFilter在它前面,導(dǎo)致一直沒有辦法生效,所有需要添加到資源的配置上,demo如下:
/** * @author WGR * @create 2021/8/23 -- 16:52 */ @Component public class SimpleAuthenticationEntryPoint implements AuthenticationEntryPoint { @Override public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws ServletException { Throwable cause = authException.getCause(); try { if (cause instanceof InvalidTokenException) { Map map = new HashMap(); map.put("error", "無效token"); map.put("message", authException.getMessage()); map.put("path", request.getServletPath()); map.put("timestamp", String.valueOf(new Date().getTime())); response.setContentType("application/json"); response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); try { ObjectMapper mapper = new ObjectMapper(); mapper.writeValue(response.getOutputStream(), map); } catch (Exception e) { throw new ServletException(); } } } catch (Exception e) { e.printStackTrace(); } } }
則可以生效,返回信息具體如下:
如果想設(shè)置沒有權(quán)限的自定義異常信息的話:
/** * @author WGR * @create 2021/8/23 -- 17:09 */ @Component public class SimpleAccessDeniedHandler implements AccessDeniedHandler { @Override public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException { Map map = new HashMap(); map.put("message", "無權(quán)操作"); map.put("path", request.getServletPath()); map.put("timestamp", String.valueOf(new Date().getTime())); response.setContentType("application/json"); response.setStatus(HttpServletResponse.SC_FORBIDDEN); try { ObjectMapper mapper = new ObjectMapper(); mapper.writeValue(response.getOutputStream(), map); } catch (Exception e) { throw new ServletException(); } } }
把它設(shè)置到springsecurity中,添加進(jìn)去就可以了,如果不是想要捕獲token過期的話,就直接添加進(jìn)去也可以
以上為個(gè)人經(jīng)驗(yàn),希望能給大家一個(gè)參考,也希望大家多多支持腳本之家。
相關(guān)文章
Java Web文件上傳與下載優(yōu)化的實(shí)現(xiàn)方案
文件上傳與下載是 Web 應(yīng)用中常見的功能,尤其是在需要處理大量文件傳輸、存儲(chǔ)的場(chǎng)景下,傳統(tǒng)的文件上傳和下載方式雖然簡(jiǎn)單,但如果不加以優(yōu)化,可能會(huì)帶來一些問題,所以今天,我們將深入探討 Java Web 中如何實(shí)現(xiàn)高效的文件上傳和下載,需要的朋友可以參考下2025-02-02IDEA如何修改maven的JVM啟動(dòng)內(nèi)存參數(shù)
這篇文章主要介紹了IDEA如何修改maven的JVM啟動(dòng)內(nèi)存參數(shù)問題,具有很好的參考價(jià)值,希望對(duì)大家有所幫助,如有錯(cuò)誤或未考慮完全的地方,望不吝賜教2024-09-09重試框架Guava-Retry和spring-Retry的使用示例
spring-retry 和 guava-retry 工具都是線程安全的重試,能夠支持并發(fā)業(yè)務(wù)場(chǎng)景的重試邏輯正確性,本文主要介紹了重試框架Guava-Retry和spring-Retry的使用示例,感興趣的可以一下2023-09-09利用Java的Struts框架實(shí)現(xiàn)電子郵件發(fā)送功能
這篇文章主要介紹了利用Java的Struts框架實(shí)現(xiàn)電子郵件發(fā)送功能,Struts框架是Java的SSH三大web開發(fā)框架之一,需要的朋友可以參考下2015-12-12Springboot中基于X509完成SSL檢驗(yàn)的原理與實(shí)現(xiàn)
本文詳細(xì)解析了HTTPS通信中SSL證書的作用和原理,SSL證書建立在客戶端和服務(wù)器之間的安全通道,確保數(shù)據(jù)傳輸?shù)耐暾院捅C苄?詳細(xì)的介紹了Springboot中基于X509完成SSL檢驗(yàn)的原理與實(shí)現(xiàn),感興趣的可以了解一下2024-09-09