个人中心
gpt4 book ai didi

java - 无法更改 Spring 安全访问被拒绝的标准响应

转载 作者:太空宇宙 更新时间:2023-11-04 11:33:41 25 4
gpt4 key购买 nike

我有一个 Spring Boot 应用程序,其中我将 OAuth 与 Spring Security 结合使用。当我向 Spring Security 请求授权 token 时,它返回以下响应:

{"error":"invalid_grant","error_description":"Bad credentials"}

我需要将该响应更改为自定义 json,但我尝试过的方法都不起作用。

我尝试使用自定义AccessDeniedHandler,如下所示:

public class CustomOAuth2AccessDeniedHandler implements AccessDeniedHandler{

    public CustomOAuth2AccessDeniedHandler() {
    }

    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException authException)
            throws IOException, ServletException {
        response.setContentType(MediaType.TEXT_PLAIN_VALUE);
        response.setStatus(HttpStatus.SC_INTERNAL_SERVER_ERROR);
        response.getOutputStream().println("Exception with message : " + authException.getMessage());
        //doHandle(request, response, authException);

    }

但它没有被调用。使用 web.xml 重定向响应对我来说不是一个选择,因为我使用的是 Spring Boot,并且我不想全局更改响应的格式。

我的spring-security.xml配置如下:

<!-- Definition of the Authentication Service -->
<http pattern="/oauth/token" create-session="stateless" authentication-manager-ref="clientAuthenticationManager"
      xmlns="http://www.springframework.org/schema/security">
    <intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY"/>
    <anonymous enabled="false"/>
    <http-basic entry-point-ref="clientAuthenticationEntryPoint"/>
    <!-- include this only if you need to authenticate clients via request parameters -->
    <custom-filter ref="clientCredentialsTokenEndpointFilter" after="BASIC_AUTH_FILTER"/>
    <access-denied-handler ref="oauthAccessDeniedHandler"/>
</http>

<bean id="oauthAuthenticationEntryPoint"
      class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
    <property name="realmName" value="dstest"/>
</bean>

<bean id="clientAuthenticationEntryPoint"
      class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
    <property name="realmName" value="dstest/client"/>
    <property name="typeName" value="Basic"/>
</bean>

<!-- <bean id="oauthAccessDeniedHandler" -->
<!--       class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler"/> -->
<bean id="oauthAccessDeniedHandler"
      class="in.robotrack.brad.config.CustomOAuth2AccessDeniedHandler"/>


<bean id="clientCredentialsTokenEndpointFilter"
      class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
    <property name="authenticationManager" ref="clientAuthenticationManager"/>
</bean>

<bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased"
      xmlns="http://www.springframework.org/schema/beans">
    <constructor-arg>
        <list>
            <bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter"/>
            <bean class="org.springframework.security.access.vote.RoleVoter"/>
            <bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>
        </list>
    </constructor-arg>
</bean>

<!-- Authentication in config file -->
<authentication-manager id="clientAuthenticationManager" xmlns="http://www.springframework.org/schema/security">
    <authentication-provider user-service-ref="clientDetailsUserService"/>
</authentication-manager>

<authentication-manager alias="authenticationManager" xmlns="http://www.springframework.org/schema/security">
    <authentication-provider user-service-ref="customUserDetailsService">
    </authentication-provider>
</authentication-manager>

<bean id="clientDetailsUserService"
      class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
    <constructor-arg ref="clientDetails"/>
</bean>

<!-- Token Store  -->
<bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.InMemoryTokenStore"/>

<bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
    <property name="tokenStore" ref="tokenStore"/>
    <property name="supportRefreshToken" value="true"/>
    <property name="clientDetailsService" ref="clientDetails"/>
    <!-- VIV -->
    <property name="accessTokenValiditySeconds" value="10"/>
</bean>

<bean id="userApprovalHandler"
      class="org.springframework.security.oauth2.provider.approval.TokenServicesUserApprovalHandler">
    <property name="tokenServices" ref="tokenServices"/>
</bean>

最佳答案

尝试以下:

HttpSecurity http = ...
http.exceptionHandling().accessDeniedHandler(myAccessDeniedHandler);

如果您不想定义自定义 AccessdeniedHandler 那么您也可以尝试这个

HttpSecurity http = ...
http.exceptionHandling().accessDeniedPage("/403");

然后在您的 Controller 中只需定义一个可以处理/403 请求映射的方法,然后您只需返回 403 错误页面,就像在任何 Controller 类内的普通方法中一样。

关于java - 无法更改 Spring 安全访问被拒绝的标准响应,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/43517310/

25 4 0
文章推荐: java - 启动 Firefox 时出现 org.openqa.selenium.firefox.NotConnectedException
文章推荐: python - 如何使用 native Python/C API 从 C++ 创建 python 自定义类型?
文章推荐: java - 将 float 从 Java 传递给 JNI,额外的小数
文章推荐: linux - 在读取输入设备时处理输入设备的插入/拔出
太空宇宙
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com