Customize OAuth2 error response on client authentication with Spring Security
While this seems to be an easy task, it turns out to be the opposite. I'm trying to customize the error handling for OAuth2 client authentication requests. The purpose of this is to remove the exception stacktrace/message from the response message.
Custom implementation of OAuth2ExceptionRenderer

Create a @Bean instance of OAuth2AuthenticationEntryPoint
```java
@Bean
public OAuth2AuthenticationEntryPoint clientAuthEntryPoint() {
    OAuth2AuthenticationEntryPoint clientEntryPoint = new OAuth2AuthenticationEntryPoint();
    // Client authentication on the token endpoint is HTTP Basic
    clientEntryPoint.setTypeName("Basic");
    clientEntryPoint.setRealmName("my-realm/client");
    clientEntryPoint.setExceptionRenderer(new CustomOAuth2ExceptionRenderer());
    return clientEntryPoint;
}
```
Create an access denied handler
```java
@Bean
public OAuth2AccessDeniedHandler accessDeniedHandler() {
    OAuth2AccessDeniedHandler adh = new OAuth2AccessDeniedHandler();
    adh.setExceptionRenderer(new CustomOAuth2ExceptionRenderer());
    return adh;
}
```
Augment the AuthorizationServerSecurityConfigurer, among others, with these specialized implementations in AuthorizationServerConfiguration
```java
@Configuration
@EnableAuthorizationServer
protected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        oauthServer.authenticationEntryPoint(clientAuthEntryPoint());
        oauthServer.accessDeniedHandler(accessDeniedHandler());
        oauthServer.realm("my-realm");
    }
}
```
We use curl to initiate OAuth2 requests. Here is the command we use to test the client authentication:

```bash
curl --insecure -H "Accept: application/json" -X POST -iu adfadsf:asdvadfgadf "https://localhost:8430/oauth/token?grant_type=password&username=john&password=johny"
```
Since the client authentication is a Basic authentication, Spring Security will assign a BasicAuthenticationFilter to that step. If it happens to have an error in the backend related to this step (e.g. SQL exception), Spring Security will not pick up the OAuth2AuthenticationEntryPoint and will fall back to a default entry point, BasicAuthenticationEntryPoint.
```
o.s.s.authentication.ProviderManager : Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
o.s.s.w.a.www.BasicAuthenticationFilter : Authentication request for failed: org.springframework.security.authentication.InternalAuthenticationServiceException: show me the money
s.w.a.DelegatingAuthenticationEntryPoint : Trying to match using RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]
s.w.a.DelegatingAuthenticationEntryPoint : No match found. Using default entry point org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint@649f92da
s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
```
You could try the solution posted by Roman Wozniak on your ticket #483. It worked pretty well for me :)

Code by Roman Wozniak:
```java
@Configuration
@EnableAuthorizationServer
protected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {
    //...

    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        oauthServer
            .realm(RESOURCE_ID + "/client")
            .accessDeniedHandler(accessDeniedHandler)
            .authenticationEntryPoint(entryPoint);
        // This allows you to replace default filter for Basic authentication and customize error responses
        oauthServer.addTokenEndpointAuthenticationFilter(
            new BasicAuthenticationFilter(authenticationManager, entryPoint));
    }
}
```
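The piece that both the question and the answer wire in but neither shows is the CustomOAuth2ExceptionRenderer itself. The class below is an added example, not code from the original question or from Roman Wozniak; it assumes the legacy spring-security-oauth2 library (org.springframework.security.oauth2.provider.error.OAuth2ExceptionRenderer, javax.servlet) and reuses the class name CustomOAuth2ExceptionRenderer from the question. The default DefaultOAuth2ExceptionRenderer serializes the whole translated OAuth2Exception, so a backend failure's message (the "show me the money" in the log above) would be sent to the client as error_description; this renderer keeps the status and headers the entry point computed and writes only the error code.

```java
import java.util.List;
import java.util.Map;

import javax.servlet.http.HttpServletResponse;

import org.springframework.http.HttpEntity;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.security.oauth2.provider.error.OAuth2ExceptionRenderer;
import org.springframework.web.context.request.ServletWebRequest;

/**
 * Renders an OAuth2 error as {"error":"<code>"} only. Added example: the
 * exception message, cause chain and additional information never reach the
 * client; they remain available in the server log.
 */
public class CustomOAuth2ExceptionRenderer implements OAuth2ExceptionRenderer {

    @Override
    public void handleHttpEntityResponse(HttpEntity<?> responseEntity, ServletWebRequest webRequest)
            throws Exception {
        if (responseEntity == null) {
            return;
        }
        HttpServletResponse response = webRequest.getResponse();

        // Keep the status and headers the entry point / exception translator already
        // computed (e.g. 401 with WWW-Authenticate: Basic realm="..." for a failed
        // client authentication, plus Cache-Control: no-store); only the body changes.
        if (responseEntity instanceof ResponseEntity) {
            response.setStatus(((ResponseEntity<?>) responseEntity).getStatusCode().value());
        }
        for (Map.Entry<String, List<String>> header : responseEntity.getHeaders().entrySet()) {
            for (String value : header.getValue()) {
                response.addHeader(header.getKey(), value);
            }
        }

        // Only the RFC 6749 error code is emitted; "server_error" is the fallback
        // when the body is not an OAuth2Exception.
        String error = "server_error";
        Object body = responseEntity.getBody();
        if (body instanceof OAuth2Exception) {
            String code = ((OAuth2Exception) body).getOAuth2ErrorCode();
            if (code != null) {
                error = code;
            }
        }

        response.setContentType(MediaType.APPLICATION_JSON_VALUE);
        response.setCharacterEncoding("UTF-8");
        response.getWriter().write("{\"error\":\"" + escapeJson(error) + "\"}");
        response.flushBuffer();
    }

    // Error codes are fixed tokens, but escape anyway so a custom OAuth2Exception
    // subclass with an unusual code cannot break the JSON.
    private static String escapeJson(String s) {
        return s.replace("\\", "\\\\").replace("\"", "\\\"");
    }
}
```

Set this renderer on both the OAuth2AuthenticationEntryPoint and the OAuth2AccessDeniedHandler as in the question. On its own that is not enough for the case in the log: BasicAuthenticationFilter reports the InternalAuthenticationServiceException to whatever entry point it was constructed with, and the default one is BasicAuthenticationEntryPoint, which knows nothing about the renderer. Constructing the filter with the OAuth2 entry point, as the answer's addTokenEndpointAuthenticationFilter call does, is what routes that failure through the renderer too.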