Spring 启动 - 取消按钮在 Azure AD B2C 策略上引发错误
[英]Spring Boot - Cancel button throws error on Azure AD B2C Policy
问题描述
I have to consume a custom policy on Azure AD B2C on my Spring Boot App.
我必须在我的 Spring 启动应用程序上使用关于 Azure AD B2C 的自定义策略。
When I try to "Cancel" from the Forgot Password policy, it takes me to localhost:8443/login?error.当我尝试从忘记密码策略中“取消”时,它会将我带到 localhost:8443/login?error。
On that page, it shows me在该页面上,它显示了我
[access_denied] AADB2C90091: The user has cancelled entering self-asserted information.
How do I handle such errors in Spring Boot? Spring Boot出现此类错误如何处理? What changes do I make in WebSecurity.java, if any?我在 WebSecurity.java 中做了哪些更改(如果有)?
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/welcome", "/newRegistrationStart", "/logoutSuccess" ).permitAll()
.antMatchers("/images/*").permitAll()
.anyRequest().authenticated()
.and()
.logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout")).logoutSuccessUrl("/logoutSuccess")
.and()
.apply(configurer)
;
}
1 个解决方案
解决方案1
0 2022-03-21 12:48:19
Please check if below references can be worked around:请检查以下参考资料是否可以解决:
If the user clicks the 'Cancel' button,Azure AD B2C will return an error response with Error Code -AADB2C90091.如果用户单击“取消”按钮,Azure AD B2C 将返回错误代码为 -AADB2C90091 的错误响应。 This is expected behavior as the idea is to catch those error codes and redirect to any other page for example to home or index page, The error is handled by the application based on the code sent back.这是预期的行为,因为想法是捕获这些错误代码并重定向到任何其他页面,例如主页或索引页面,错误由应用程序根据发回的代码进行处理。
To mitigate the Error AADB2C90091 you must intercept the error response and prevent the Authentication middleware to throw this error back to page.要缓解错误 AADB2C90091,您必须拦截错误响应并防止身份验证中间件将此错误抛回页面。 The user is redirected to the url specified in the redirect_uri but with error.用户被重定向到 redirect_uri 中指定的 url,但出现错误。 But you can play with HTML template (with JavaScript) and add your own link.但是您可以使用 HTML 模板(使用 JavaScript)并添加您自己的链接。
or Try to make use of accessDeniedHandler under exceptionHandling()或尝试在 exceptionHandling() 下使用accessDeniedHandler
.requestCache()
.requestCache(myRequestCache)
.and()
.exceptionHandling()
.accessDeniedHandler(myAccessDeniedHandler)
And in accessdeniedhandler,you can redirect to required page ex:login page in place as shown in below references.在 accessdeniedhandler 中,您可以重定向到所需的页面 ex:login 页面,如下面的参考资料所示。
Please see: spring - AccessDeniedHandler with redirect to login page - Stack Overflow for more details & java - Handle Security exceptions in Spring Boot Resource Server - Stack Overflow请参阅: spring - AccessDeniedHandler 重定向到登录页面 - Stack Overflow了解更多详情 & java - 处理 Spring 引导资源服务器中的安全异常 - 堆栈内存溢出
Other references:其他参考:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.