堆栈内存溢出
  简体   繁体   English

如果登录失败,如何获取 http 请求/响应的正文作为登录 spring 安全性

[英]How to get body of http request/response as log in spring security if login failed

 原文  2021-12-06 06:40:07       java/ spring-boot/ logging/ spring-security

问题描述

I am trying to get log of http request/response in spring security.我正在尝试在 spring 安全性中获取 http 请求/响应的日志。 It's no problem if login is success.登录成功是没有问题的。 But when login fails I can't get body.但是当登录失败时,我无法获取正文。 I am using slf4j of lombok and zalando logbook library .我正在使用 lombok 和zalando logbook library的 slf4j 。

This is my spring-security config:这是我的 spring-security 配置:

 @Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .csrf().disable()
            .authorizeRequests()
            .antMatchers("/test/get/**").hasAnyRole("USER")
            .antMatchers("/test/get-all").hasRole("ADMIN")
            .antMatchers("/test/save").hasRole("ADMIN")
            .and()
            .formLogin()
            .permitAll()
            .and()
            .httpBasic();
}

If login success I get such logs (There is body of response):如果登录成功,我会得到这样的日志(有响应正文):

{"origin":"local","type":"response","body":"I am saving {\"str\": \"Hello world\"\r\n}"}

If login fails I get response without body:如果登录失败,我会得到没有正文的响应:

{"origin":"local","type":"response", "X-XSS-Protection":["1; mode=block"]}}

How to get the body of response/request if login fails?如果登录失败,如何获取响应/请求的正文?

1 个解决方案

解决方案1
 0  2021-12-08 12:24:30

It seems that you are using formLogin() , so you can do this:您似乎正在使用formLogin() ,因此您可以这样做:

http
    .formLogin()
        .failureHandler((req, res, authentication) -> /*do whatever you want with req, res and authentication*/)
    ...

The AuthenticationFailureHandler interface defines one method where you have available the HTTP request, response, and the Authentication object. AuthenticationFailureHandler接口定义了一种方法,您可以在其中使用 HTTP 请求、响应和身份验证 object。

void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception)

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在将响应返回给调用者时注销对 Spring WebFlux WebClient 请求的失败响应的正文? - How do I log out the body of a failed response to a Spring WebFlux WebClient request while returning the response to the caller? 当 java 中的请求失败时,如何获取 http 响应正文? - How can I get http response body when request is failed in java? Spring Webflux,仅在调试模式下记录来自反应式 http 请求的响应正文 - Spring Webflux, log response body from reactive http request only in debug mode 如何在 spring Webflux Java 中记录请求正文 - How to log request body in spring Webflux Java Spring Security:如何更改响应的 HTTP 状态? - Spring Security: how to change HTTP Status for response? 如何通过Spring RestTemplate更改获取请求中的响应http标头? - How to change response http header in get request by spring RestTemplate? 春季-无法读取HTTP消息。 缺少所需的请求正文 - Spring - Failed to read HTTP message. Required request body is missing 无法处理请求[GET http:// localhost:8080]:响应状态404 Spring,RESTfull,thymleaf - Failed to handle request [GET http://localhost:8080 ]: Response status 404 Spring, RESTfull ,thymleaf CRest日志请求/响应正文 - CRest log request / response body 如何正确重定向失败角色的 spring 安全登录上的登录失败? - How to properly redirect login failure on a spring security login for a failed role?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM