[英]Spring security custom exception handler with preauth
I'm trying to configure some custom exception handling with Spring Security 3.1.2. 我正在尝试使用Spring Security 3.1.2配置一些自定义异常处理。 I tried following the examples I found here and here , but neither works.
我尝试按照此处和此处找到的示例进行操作,但均无济于事。 I'm new to Spring Security, and I'm wondering if this might have something to do with the fact that I'm using a preauth filter.
我是Spring Security的新手,我想知道这是否与我使用preauth过滤器有关。 I'm throwing my custom exceptions from within the loadUserDetails() method of my AuthenticationUserDetailsService implementation.
我从AuthenticationUserDetailsService实现的loadUserDetails()方法中抛出了自定义异常。
public class AuthServiceImpl implements AuthenticationUserDetailsService<Authentication> {
@Autowired
private AuthDao authDao;
@Override
public UserDetails loadUserDetails(Authentication auth) throws UsernameNotFoundException {
Request req = (Request) auth.getPrincipal();
//get user details
User u = authDao.loadUser(req.getSessionId());
//check user rights for requested action
if(!u.getRights().contains(req.getAction()){
throw new CustomAuthException("User does not have permission to perform this action");
}
return u;
}
}
When the exception is thrown I just get the normal Tomcat 500 page with the exception details. 当引发异常时,我将获得包含异常详细信息的常规Tomcat 500页面。 For whatever reason my custom exceptions are not getting handled at all.
无论出于什么原因,我的自定义异常都不会得到处理。 I even added some println()s in the custom handler, and it's not even being called.
我什至在自定义处理程序中添加了一些println(),甚至没有被调用。
I'm starting to wonder if this method is somehow excluded from Spring's exception handling. 我开始怀疑这个方法是否以某种方式被排除在Spring的异常处理之外。 I can provide more code examples if needed, but at this point I'm not sure what would be relevant to share.
如果需要,我可以提供更多代码示例,但是目前我不确定要共享的内容。
You use SimpleMappingExceptionResolver . 您使用SimpleMappingExceptionResolver 。 It is a Spring MVC component.
它是Spring MVC组件。 So when you have some exception during execution of some controller then DispatcherServlet will call SimpleMappingExceptionResolver.
因此,当您在执行某些控制器期间遇到某些异常时,DispatcherServlet将调用SimpleMappingExceptionResolver。 The problem is that your AuthenticationUserDetailsService implementation is used only during login action.
问题是您的AuthenticationUserDetailsService实现仅在登录操作期间使用。 And this action is processed by Spring Security filter directly (Spring MVC is not used) .
并且该动作直接由Spring Security过滤器处理(不使用Spring MVC) 。 Request does not reach DispatcherServlet and SimpleMappingExceptionResolver will never be called for this case.
请求未到达DispatcherServlet,在这种情况下将永远不会调用SimpleMappingExceptionResolver。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.