Spring Cloud: Security OAuth2 Custom Exception Responses

Posted on: 魔客站 2019-4-20 Category: Site-building tutorials Views: 478


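For client or website development, having every API call return a unified response body makes it possible to design the interface around it, and keeps the code structure clearer and its layers better separated.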

Default exception response

When login or authorization fails in Spring Security OAuth2, the default exception response looks like this:

{
  "error": "unauthorized",
  "error_description": "Full authentication is required to access this resource"
}

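This does not match the format of the responses we return. To change it, the relevant exception-handling classes have to be overridden. Here I unify the response format of the resource server (the gateway).

Custom exception response

Overriding the invalid-token handler

Add AuthExceptionEntryPoint.java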

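import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.stereotype.Component;
// ResultJsonUtil and the Response*Constant classes are the project's own helpers;
// import them from the project's package.

@Component
public class AuthExceptionEntryPoint implements AuthenticationEntryPoint {

    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response,
                         AuthenticationException authException) throws ServletException {
        Throwable cause = authException.getCause();
        // The HTTP status is always 200; the failure is signalled only by the codes in the JSON body.
        response.setStatus(HttpStatus.OK.value());
        response.setHeader("Content-Type", "application/json;charset=UTF-8");
        try {
            if (cause instanceof InvalidTokenException) {
                // A token was presented but it is invalid or expired.
                response.getWriter().write(ResultJsonUtil.build(
                        ResponseCodeConstant.REQUEST_FAILED,
                        ResponseStatusCodeConstant.OAUTH_TOKEN_FAILURE,
                        ResponseMessageConstant.OAUTH_TOKEN_ILLEGAL
                ));
            } else {
                // Any other authentication failure is reported as a missing token.
                response.getWriter().write(ResultJsonUtil.build(
                        ResponseCodeConstant.REQUEST_FAILED,
                        ResponseStatusCodeConstant.OAUTH_TOKEN_MISSING,
                        ResponseMessageConstant.OAUTH_TOKEN_MISSING
                ));
            }
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}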

Overriding the access-denied handler

Add CustomAccessDeniedHandler.java

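import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.http.HttpStatus;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.stereotype.Component;
// ResultJsonUtil and the Response*Constant classes are the project's own helpers;
// import them from the project's package.

@Component("customAccessDeniedHandler")
public class CustomAccessDeniedHandler implements AccessDeniedHandler {

    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response,
                       AccessDeniedException accessDeniedException)
            throws IOException, ServletException {
        // The HTTP status is always 200; the denial is signalled only by the codes in the JSON body.
        response.setStatus(HttpStatus.OK.value());
        response.setHeader("Content-Type", "application/json;charset=UTF-8");
        try {
            // The caller is authenticated but lacks the required authority.
            response.getWriter().write(ResultJsonUtil.build(
                    ResponseCodeConstant.REQUEST_FAILED,
                    ResponseStatusCodeConstant.OAUTH_TOKEN_DENIED,
                    ResponseMessageConstant.OAUTH_TOKEN_DENIED
            ));
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}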

Setting the exception handlers in the resource configuration class

Modify the resource configuration class ResourceServerConfiguration.java

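// customTokenExtractor, authExceptionEntryPoint and customAccessDeniedHandler
// are beans injected into the configuration class.
@Override
public void configure(ResourceServerSecurityConfigurer resources) {
    resources.tokenExtractor(customTokenExtractor);
    // Register the custom handlers for authentication failures and access-denied errors.
    resources.authenticationEntryPoint(authExceptionEntryPoint)
            .accessDeniedHandler(customAccessDeniedHandler);
}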

 

Custom response test


Sample code: https://github.com/BNDong/spring-cloud-examples/tree/master/spring-cloud-zuul/cloud-zuul


Original article: https://www.cnblogs.com/bndong/p/10275430.html