java - Exception handling for UserDetailsService

Reposted. Author: 行者123. Updated: 2023-11-29 04:31:13

I have a question about exception handling in Spring Security.

I have defined a CustomUserDetailsService which sometimes (when the value in the SM_USER header is false) should throw an exception.

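import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

public class CustomUserDetailsService implements UserDetailsService {

    @Override
    public UserDetails loadUserByUsername(String smHeaderValue) throws UsernameNotFoundException {
        // ...
        throw new UsernameNotFoundException("wrong value of the sm Header");
        // ...
    }
}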

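In this case I would like HTTP status code 403 (AccessDenied) to be thrown, but Spring Security always shows 500, and the standard (for my software) exception representation cannot be displayed. I thought an exception resolver could help me. But as far as I know, the standard exception resolver does not fit Spring Security; its scope is limited to Spring MVC.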

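import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.http.HttpStatus;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.AbstractHandlerExceptionResolver;
import org.springframework.web.servlet.view.json.MappingJackson2JsonView;

@ControllerAdvice
public class ExceptionResolver extends AbstractHandlerExceptionResolver {

    @Override
    protected ModelAndView doResolveException(HttpServletRequest request,
            HttpServletResponse responce, Object handler, Exception exception) {

        // Render the exception as a JSON body
        ModelAndView toReturn = new ModelAndView();
        toReturn.setView(new MappingJackson2JsonView());
        toReturn.addObject("message", exception.getMessage());
        toReturn.addObject("exceptionClass", exception.getClass().getCanonicalName());

        HttpStatus exceptionStatus = getStatus(exception);
        responce.setStatus(exceptionStatus.value());
        return toReturn;
    }

    // Map the exception type to the HTTP status to return
    private HttpStatus getStatus(Exception exception) {

        if (exception instanceof UsernameNotFoundException)
            return HttpStatus.FORBIDDEN;
        return HttpStatus.BAD_REQUEST;
    }
}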

Is there any way to handle the exceptions of UserDetailsService?

Update

15:42:37,948 DEBUG qtp1052330967-15 security.DelegateRequestMatchingFilter:137 - preAuthenticatedPrincipal = dhdg, trying to authenticate
15:42:37,950 INFO qtp1052330967-15 security.CustomUserDetailsService:57 - looking for authorities for sm header value: [dhdg]
15:42:37,989 DEBUG qtp1052330967-15 security.DelegateRequestMatchingFilter:225 - Cleared security context due to exception
org.springframework.security.core.userdetails.UsernameNotFoundException: there is no opened sessions with this sm user header value
at de.escosautomation.restserver.security.CustomUserDetailsService.loadUserByUsername(CustomUserDetailsService.java:73)
at org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper.loadUserDetails(UserDetailsByNameServiceWrapper.java:53)
at org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider.authenticate(PreAuthenticatedAuthenticationProvider.java:87)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:167)
at org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter.doAuthenticate(AbstractPreAuthenticatedProcessingFilter.java:145)
at org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter.doFilter(AbstractPreAuthenticatedProcessingFilter.java:113)
at de.escosautomation.restserver.security.DelegateRequestMatchingFilter.doFilter(DelegateRequestMatchingFilter.java:51)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:120)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:53)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:221)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
at org.eclipse.jetty.server.Server.handle(Server.java:497)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
at java.lang.Thread.run(Thread.java:745)

Best answer

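I think I see what goes wrong here. Because you are using the PreAuthenticatedAuthenticationProvider, the UsernameNotFoundException is not really handled. This is because in a typical pre-authentication environment the existence of the user has already been verified.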

Instead, you should return a UserDetails object with the status disabled/locked.

If you cannot read the user information at all, you can throw an AuthenticationServiceException.

About java - Exception handling for UserDetailsService: we found a similar question on Stack Overflow: https://stackoverflow.com/questions/43739998/
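An added example, not part of the original question or answer, sketching the answer's advice for a pre-authenticated setup: an unknown SM_USER value yields a locked UserDetails, which the account-status check in PreAuthenticatedAuthenticationProvider rejects with a LockedException, while a failed lookup raises AuthenticationServiceException. The class name and the SessionStore interface are hypothetical stand-ins for the application's own session lookup.

```java
import java.util.Optional;

import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;

// Added example: not the poster's code.
public class PreAuthUserDetailsService implements UserDetailsService {

    /** Hypothetical lookup: roles of the open session for an SM_USER value, if any. */
    public interface SessionStore {
        Optional<String[]> rolesFor(String smUser) throws Exception;
    }

    private final SessionStore sessions;

    public PreAuthUserDetailsService(SessionStore sessions) {
        this.sessions = sessions;
    }

    @Override
    public UserDetails loadUserByUsername(String smHeaderValue) {
        Optional<String[]> roles;
        try {
            roles = sessions.rolesFor(smHeaderValue);
        } catch (Exception e) {
            // The user information could not be read at all: this is a
            // back-end failure, not a statement about the account.
            throw new AuthenticationServiceException("user lookup failed", e);
        }

        if (!roles.isPresent()) {
            // No open session for this header value: return a locked account
            // with no authorities instead of throwing UsernameNotFoundException.
            // Flags: enabled, accountNonExpired, credentialsNonExpired, accountNonLocked.
            return new User(smHeaderValue, "", true, true, true, false,
                    AuthorityUtils.NO_AUTHORITIES);
        }

        // Known session: a normal, unlocked account with its roles.
        // The password is empty because the upstream proxy already authenticated the user.
        return new User(smHeaderValue, "", true, true, true, true,
                AuthorityUtils.createAuthorityList(roles.get()));
    }
}
```

Both LockedException and AuthenticationServiceException are AuthenticationException subclasses, so they reach the security filter's failure handling rather than a Spring MVC exception resolver.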
