默認異常響應

在使用Spring Security Oauth2 登錄和鑒權失敗時，默認返回的異常信息如下：

{
  "error": "unauthorized",
  "error_description": "Full authentication is required to access this resource"
}

這與我們返回的信息格式不一致。如果需要修改這種返回的格式，需要重寫相關異常處理類。這里我統一的是資源服務器（網關）的響應格式。

自定義異常

無效token異常類重寫

新增 AuthExceptionEntryPoint.java

@Component
public class AuthExceptionEntryPoint implements AuthenticationEntryPoint
{

    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response,
                         AuthenticationException authException) throws ServletException {
        Map<String, Object> map = new HashMap<String, Object>();
        Throwable cause = authException.getCause();

        response.setStatus(HttpStatus.OK.value());
        response.setHeader("Content-Type", "application/json;charset=UTF-8");
        try {
            if(cause instanceof InvalidTokenException) {
                response.getWriter().write(ResultJsonUtil.build(
                        ResponseCodeConstant.REQUEST_FAILED,
                        ResponseStatusCodeConstant.OAUTH_TOKEN_FAILURE,
                        ResponseMessageConstant.OAUTH_TOKEN_ILLEGAL
                ));
            }else{
                response.getWriter().write(ResultJsonUtil.build(
                        ResponseCodeConstant.REQUEST_FAILED,
                        ResponseStatusCodeConstant.OAUTH_TOKEN_MISSING,
                        ResponseMessageConstant.OAUTH_TOKEN_MISSING
                ));
            }
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}

權限不足異常類重寫

新增 CustomAccessDeniedHandler.java

@Component("customAccessDeniedHandler")
public class CustomAccessDeniedHandler implements AccessDeniedHandler {

    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response,
                       AccessDeniedException accessDeniedException)
            throws IOException, ServletException {
        response.setStatus(HttpStatus.OK.value());
        response.setHeader("Content-Type", "application/json;charset=UTF-8");
        try {
            response.getWriter().write(ResultJsonUtil.build(
                    ResponseCodeConstant.REQUEST_FAILED,
                    ResponseStatusCodeConstant.OAUTH_TOKEN_DENIED,
                    ResponseMessageConstant.OAUTH_TOKEN_DENIED
            ));
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}

資源配置類中設置異常處理類

修改資源配置類 ResourceServerConfiguration.java

@Override
public void configure(ResourceServerSecurityConfigurer resources) {
    resources.tokenExtractor(customTokenExtractor);
    resources.authenticationEntryPoint(authExceptionEntryPoint)
            .accessDeniedHandler(customAccessDeniedHandler);
}

示例代碼：https://github.com/BNDong/spring-cloud-examples/tree/master/spring-cloud-zuul/cloud-zuul

免責聲明！

本站轉載的文章為個人學習借鑒使用，本站對版權不負任何法律責任。如果侵犯了您的隱私權益，請聯系本站郵箱yoyou2525@163.com刪除。

猜您在找 Spring Cloud：Security OAuth2 自定義異常響應 Spring Cloud實戰 | 第九篇：Spring Cloud整合Spring Security OAuth2認證服務器統一認證自定義異常處理 Spring Security Oauth2 自定義 OAuth2 Exception Spring Security OAuth2自定義令牌配置 Spring Security OAuth2自定義Token獲取方式 Spring Security OAuth2 Provider 之自定義開發 Spring Cloud zuul自定義異常信息 Spring Cloud Gateway配置自定義異常返回 Spring Security(1-7) Spring Security 中自定義異常處理 Spring Cloud 學習 (九) Spring Security, OAuth2