[英]How to prevent exceptions from multiple queries to API in Spring Security OAuth2
[英]Spring Security OAuth2 : How to handle exceptions?
我正在开发一个使用Spring Security OAuth2保护少数REST API的应用程序,现在的要求是包装Spring OAuth2异常并以JSON格式对其进行自定义。 以下是我现有的Spring安全配置,我已经尝试过此链接上提到的答案,但未成功如何包装oauth2异常
这是从OAuth获取令牌的默认网址
<http pattern="/oauth/token" create-session="never"
authentication-manager-ref="clientAuthenticationManager"
xmlns="http://www.springframework.org/schema/security">
<intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
<anonymous enabled="false" />
<http-basic entry-point-ref="clientAuthenticationEntryPoint" />
<custom-filter ref="clientCredentialsTokenEndpointFilter"
after="BASIC_AUTH_FILTER" />
<access-denied-handler ref="oauthAccessDeniedHandler" />
</http>
这将保护以下提到的以下API
<http pattern="/api/**" create-session="never"
entry-point-ref="oauthAuthenticationEntryPoint"
access-decision-manager-ref="accessDecisionManager"
xmlns="http://www.springframework.org/schema/security">
<anonymous enabled="false" />
<intercept-url pattern="/api/api/hospital/**" access="IS_AUTHENTICATED_FULLY" />
<custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
<access-denied-handler ref="oauthAccessDeniedHandler" />
</http>
这用于生成密钥
<bean id="authenticationKeyGenerator" class="com.moss.oauth.MossAuthenticationKeyGenerator"/>
-
<bean id="oauthAuthenticationEntryPoint"
class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
<property name="realmName" value="framework" />
</bean>
-
<bean id="clientAuthenticationEntryPoint"
class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
<property name="realmName" value="framework/client" />
<property name="typeName" value="Basic" />
</bean>
-
<bean id="oauthAccessDeniedHandler"
class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />
-
<bean id="clientCredentialsTokenEndpointFilter"
class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
<property name="authenticationManager" ref="clientAuthenticationManager" />
</bean>
-
<bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased"
xmlns="http://www.springframework.org/schema/beans">
<constructor-arg>
<list>
<bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter" />
<bean class="org.springframework.security.access.vote.RoleVoter" />
<bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
</list>
</constructor-arg>
</bean>
-
<authentication-manager id="clientAuthenticationManager"
xmlns="http://www.springframework.org/schema/security">
<authentication-provider user-service-ref="clientDetailsUserService" />
</authentication-manager>
-
<!-- This is simple authentication manager implementation using hibernate, gets users
credentials from DB -->
<bean id="userDetailsService" class="com.moss.service.impl.UserServiceImpl"></bean>
<!-- Same password encoder must be used for storing the password and user authenticationManager -->
<bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>
-
<authentication-manager alias="authenticationManager"
xmlns="http://www.springframework.org/schema/security">
<authentication-provider user-service-ref="userDetailsService">
<password-encoder ref="passwordEncoder"/>
</authentication-provider>
</authentication-manager>
-
<bean id="clientDetailsUserService"
class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
<constructor-arg ref="clientDetails" />
</bean>
-
<bean id="tokenStore" class="com.moss.oauth.MossHibernateTokenStore">
<constructor-arg ref="authenticationKeyGenerator" />
</bean>
-
<bean id="tokenServices"
class="com.moss.oauth.MossResourceAndAuthenticationTokenServices">
<property name="tokenStore" ref="tokenStore" />
<property name="supportRefreshToken" value="${oauth.refresh.token.support}" />
<property name="accessTokenValiditySeconds" value="${oauth.access.token.validity}" />
<property name="clientDetailsService" ref="clientDetails" />
<property name="userDetailsService" ref="userDetailsService" />
</bean>
-
<bean id="oAuth2RequestFactory"
class="org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory">
<constructor-arg ref="clientDetails" />
</bean>
-
<bean id="userApprovalHandler"
class="org.springframework.security.oauth2.provider.approval.TokenStoreUserApprovalHandler">
<property name="requestFactory" ref="oAuth2RequestFactory" />
<property name="tokenStore" ref="tokenStore" />
</bean>
-
<oauth:authorization-server
client-details-service-ref="clientDetails" token-services-ref="tokenServices"
user-approval-handler-ref="userApprovalHandler">
<oauth:authorization-code />
<oauth:implicit />
<oauth:refresh-token />
<oauth:client-credentials />
<oauth:password />
</oauth:authorization-server>
-
<oauth:resource-server id="resourceServerFilter"
resource-id="framework" token-services-ref="tokenServices" />
<bean id="clientDetails" class="com.moss.oauth.MossHibernateClientDetailsService">
<constructor-arg ref="dataSource" />
</bean>
-
<sec:global-method-security
pre-post-annotations="enabled" proxy-target-class="true">
<sec:expression-handler ref="oauthExpressionHandler" />
</sec:global-method-security>
-
<oauth:expression-handler id="oauthExpressionHandler" />
<oauth:web-expression-handler id="oauthWebExpressionHandler" />
-
自定义响应将是代码中的一个点,您可以在其中访问默认响应,并且可以发送一个POJO代替它,例如,如果您想将error_description
更改为error_info
或其他任何内容,或者您可能想向其中添加更多变量响应。 该解决方案确实存在,但是我认为至少要实现这一点很痛苦,因为我是从这里复制它的:
这个问题已经解决。 请遵循以下解决方法:1将OAuth2Exception扩展到新类,例如CustomOAuth2Exception。 在自定义类中,添加一些特定的属性。 2个自定义DefaultWebResponseExceptionTranslator并在AuthorizationServerConfiguration中注册该自定义转换器。 3个自定义的两个杰克逊序列化器,在OAuth2Exception中进行了注释,并用这两个自定义序列化器对您的CustomOAuth2Exception进行了注释。 4使用ObjectMapper用自定义序列化程序覆盖初始序列化程序。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.