• 【转载】Spring Security Oauth2 自定义 OAuth2 Exception


    https://www.cnblogs.com/merryyou/p/9100260.html

    前言

    在使用Spring Security Oauth2登录和鉴权失败时,默认返回的异常信息如下

    {
      "error": "unauthorized",
      "error_description": "Full authentication is required to access this resource"
    }
    

    。它与我们自定义返回信息不一致,并且描述信息较少。那么如何自定义Spring Security Oauth2异常信息呢,下面我们简单实现以下。格式如下:

    
    {
    "error": "400",
    "message": "坏的凭证",
    "path": "/oauth/token",
    "timestamp": "1527432468717"
    }
    

    自定义登录失败异常信息

    新增CustomOauthException

    • 添加自定义异常类,指定json序列化方式
    @JsonSerialize(using = CustomOauthExceptionSerializer.class)
    public class CustomOauthException extends OAuth2Exception {
        public CustomOauthException(String msg) {
            super(msg);
        }
    }
    

    新增CustomOauthExceptionSerializer

    • 添加CustomOauthException的序列化实现
    public class CustomOauthExceptionSerializer extends StdSerializer<CustomOauthException> {
        public CustomOauthExceptionSerializer() {
            super(CustomOauthException.class);
        }
    
        @Override
        public void serialize(CustomOauthException value, JsonGenerator gen, SerializerProvider provider) throws IOException {
            HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
    
            gen.writeStartObject();
            gen.writeStringField("error", String.valueOf(value.getHttpErrorCode()));
            gen.writeStringField("message", value.getMessage());
    //        gen.writeStringField("message", "用户名或密码错误");
            gen.writeStringField("path", request.getServletPath());
            gen.writeStringField("timestamp", String.valueOf(new Date().getTime()));
            if (value.getAdditionalInformation()!=null) {
                for (Map.Entry<String, String> entry : value.getAdditionalInformation().entrySet()) {
                    String key = entry.getKey();
                    String add = entry.getValue();
                    gen.writeStringField(key, add);
                }
            }
            gen.writeEndObject();
        }
    }
    
    

    添加CustomWebResponseExceptionTranslator

    • 添加CustomWebResponseExceptionTranslator,登录发生异常时指定exceptionTranslator
    public class CustomOauthExceptionSerializer extends StdSerializer<CustomOauthException> {
        public CustomOauthExceptionSerializer() {
            super(CustomOauthException.class);
        }
    
        @Override
        public void serialize(CustomOauthException value, JsonGenerator gen, SerializerProvider provider) throws IOException {
            HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
    
            gen.writeStartObject();
            gen.writeStringField("error", String.valueOf(value.getHttpErrorCode()));
            gen.writeStringField("message", value.getMessage());
    //        gen.writeStringField("message", "用户名或密码错误");
            gen.writeStringField("path", request.getServletPath());
            gen.writeStringField("timestamp", String.valueOf(new Date().getTime()));
            if (value.getAdditionalInformation()!=null) {
                for (Map.Entry<String, String> entry : value.getAdditionalInformation().entrySet()) {
                    String key = entry.getKey();
                    String add = entry.getValue();
                    gen.writeStringField(key, add);
                }
            }
            gen.writeEndObject();
        }
    }
    
    

    修改MerryyouAuthorizationServerConfig

    • 指定自定义customWebResponseExceptionTranslator
    @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
            endpoints.tokenStore(tokenStore)
                    .authenticationManager(authenticationManager)
                    .userDetailsService(userDetailsService);
            //扩展token返回结果
            if (jwtAccessTokenConverter != null && jwtTokenEnhancer != null) {
                TokenEnhancerChain tokenEnhancerChain = new TokenEnhancerChain();
                List<TokenEnhancer> enhancerList = new ArrayList();
                enhancerList.add(jwtTokenEnhancer);
                enhancerList.add(jwtAccessTokenConverter);
                tokenEnhancerChain.setTokenEnhancers(enhancerList);
                //jwt
                endpoints.tokenEnhancer(tokenEnhancerChain)
                        .accessTokenConverter(jwtAccessTokenConverter);
            }
            endpoints.exceptionTranslator(customWebResponseExceptionTranslator);
        }
    
    

    自定义Token异常信息

    添加AuthExceptionEntryPoint

    • 自定义AuthExceptionEntryPoint用于tokan校验失败返回信息
    public class AuthExceptionEntryPoint implements AuthenticationEntryPoint {
    
    
        @Override
        public void commence(HttpServletRequest request, HttpServletResponse response,
                             AuthenticationException authException)
                throws  ServletException {
    
            Map map = new HashMap();
            map.put("error", "401");
            map.put("message", authException.getMessage());
            map.put("path", request.getServletPath());
            map.put("timestamp", String.valueOf(new Date().getTime()));
            response.setContentType("application/json");
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            try {
                ObjectMapper mapper = new ObjectMapper();
                mapper.writeValue(response.getOutputStream(), map);
            } catch (Exception e) {
                throw new ServletException();
            }
        }
    }
    

    添加CustomAccessDeniedHandler

    • 授权失败(forbidden)时返回信息
    @Slf4j
    @Component("customAccessDeniedHandler")
    public class CustomAccessDeniedHandler implements AccessDeniedHandler {
    
        @Autowired
        private ObjectMapper objectMapper;
    
        @Override
        public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException {
            response.setContentType("application/json;charset=UTF-8");
                Map map = new HashMap();
                map.put("error", "400");
                map.put("message", accessDeniedException.getMessage());
                map.put("path", request.getServletPath());
                map.put("timestamp", String.valueOf(new Date().getTime()));
                response.setContentType("application/json");
                response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
                response.getWriter().write(objectMapper.writeValueAsString(map));
        }
    }
    

    修改MerryyouResourceServerConfig

        @Override
        public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
            resources.authenticationEntryPoint(new AuthExceptionEntryPoint())
            .accessDeniedHandler(CustomAccessDeniedHandler);
        }
    

    效果如下

    登录异常

    https://raw.githubusercontent.com/longfeizheng/longfeizheng.github.io/master/images/security/spring-security-oauth209.gif

    token异常

    https://raw.githubusercontent.com/longfeizheng/longfeizheng.github.io/master/images/security/spring-security-oauth210.gif

    禁止访问

    https://raw.githubusercontent.com/longfeizheng/longfeizheng.github.io/master/images/security/spring-security-oauth211.gif

    token失效

    https://raw.githubusercontent.com/longfeizheng/longfeizheng.github.io/master/images/security/spring-security-oauth212.gif

    代码下载

  • 相关阅读:
    数字建模工具
    博客园文档保存为pdf适合手机kindle阅读
    单点登录sso规范
    office在线预览方案
    KVM 虚机怎么热添加disk
    linux-基础FTP 协议传输
    TCP 三次握手四次挥手
    autossh 实现反向代理实现通过外网访问内网环境
    keepalived的工作原理
    openstack-ovs命令记录
  • 原文地址:https://www.cnblogs.com/exmyth/p/15654809.html
Copyright © 2020-2023  润新知