堆栈内存溢出
  简体   繁体   English

具有preauth的Spring Security自定义异常处理程序

[英]Spring security custom exception handler with preauth

 原文  2013-02-03 15:25:02       java/ spring/ spring-mvc/ spring-security

问题描述

I'm trying to configure some custom exception handling with Spring Security 3.1.2. 我正在尝试使用Spring Security 3.1.2配置一些自定义异常处理。 I tried following the examples I found here and here , but neither works. 我尝试按照此处此处找到的示例进行操作,但均无济于事。 I'm new to Spring Security, and I'm wondering if this might have something to do with the fact that I'm using a preauth filter. 我是Spring Security的新手,我想知道这是否与我使用preauth过滤器有关。 I'm throwing my custom exceptions from within the loadUserDetails() method of my AuthenticationUserDetailsService implementation. 我从AuthenticationUserDetailsS​​ervice实现的loadUserDetails()方法中抛出了自定义异常。 

public class AuthServiceImpl implements AuthenticationUserDetailsService<Authentication> {
  @Autowired
  private AuthDao authDao;

  @Override
  public UserDetails loadUserDetails(Authentication auth) throws UsernameNotFoundException {
    Request req = (Request) auth.getPrincipal();

    //get user details
    User u = authDao.loadUser(req.getSessionId());

    //check user rights for requested action
    if(!u.getRights().contains(req.getAction()){
      throw new CustomAuthException("User does not have permission to perform this action");
    }

    return u;
  }
}

When the exception is thrown I just get the normal Tomcat 500 page with the exception details. 当引发异常时,我将获得包含异常详细信息的常规Tomcat 500页面。 For whatever reason my custom exceptions are not getting handled at all. 无论出于什么原因,我的自定义异常都不会得到处理。 I even added some println()s in the custom handler, and it's not even being called. 我什至在自定义处理程序中添加了一些println(),甚至没有被调用。

I'm starting to wonder if this method is somehow excluded from Spring's exception handling. 我开始怀疑这个方法是否以某种方式被排除在Spring的异常处理之外。 I can provide more code examples if needed, but at this point I'm not sure what would be relevant to share. 如果需要,我可以提供更多代码示例,但是目前我不确定要共享的内容。

1 个解决方案

解决方案1
 1  2013-02-04 10:10:16

You use SimpleMappingExceptionResolver . 您使用SimpleMappingExceptionResolver It is a Spring MVC component. 它是Spring MVC组件。 So when you have some exception during execution of some controller then DispatcherServlet will call SimpleMappingExceptionResolver. 因此,当您在执行某些控制器期间遇到某些异常时,DispatcherServlet将调用SimpleMappingExceptionResolver。 The problem is that your AuthenticationUserDetailsService implementation is used only during login action. 问题是您的AuthenticationUserDetailsS​​ervice实现仅在登录操作期间使用。 And this action is processed by Spring Security filter directly (Spring MVC is not used) . 并且该动作直接由Spring Security过滤器处理(不使用Spring MVC) Request does not reach DispatcherServlet and SimpleMappingExceptionResolver will never be called for this case. 请求未到达DispatcherServlet,在这种情况下将永远不会调用SimpleMappingExceptionResolver。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Spring 4 Security Tiles 3自定义成功处理程序 - Spring 4 Security Tiles 3 Custom Success Handler Spring Oauth2 - 自定义异常处理程序 - Spring Oauth2 - custom exception handler Spring 安全异常处理自定义响应 - Spring security exception handling custom response 有没有办法处理从 Spring 中的自定义异常处理程序内部抛出的异常? - Is there a way to handle an exception thrown from inside of custom exception handler in Spring? Spring Security Java Config自定义注销处理程序不起作用 - Spring Security Java Config Custom Logout Handler Not Working 在 spring 安全性中,如何实现 SAML 和自定义身份验证处理程序 - In spring security how to implement both SAML and custom authentication handler 自定义异常在使用 spring 引导和 spring 安全性的过滤器中不起作用 - Custom exception is not working in filter using spring boot and spring security Spring Boot 从异常处理程序返回 401 状态的自定义对象 - Spring Boot Returning 401 Statused Custom Object From Exception Handler Java:自定义枚举验证器注释未在 Spring RestControllerAdvice 异常处理程序中触发 - Java: custom enum validator annotation not triggered in Spring RestControllerAdvice exception handler Java Spring 启动自定义异常处理程序抛出 controller - Java Spring Boot Custom Exception Handler thrown out of controller
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM