[英]Customize OAuth2 error response on client authentication with Spring Security
雖然這似乎是一項容易的任務,但事實恰恰相反。 我正在嘗試自定義OAuth2客戶端身份驗證請求的錯誤處理。 這樣做的目的是從響應消息中刪除異常堆棧跟蹤/消息。
OAuth2ExceptionRenderer
的自定義實現 創建@Bean
的實例OAuth2AuthenticationEntryPoint
@Bean public OAuth2AuthenticationEntryPoint clientAuthEntryPoint() { OAuth2AuthenticationEntryPoint clientEntryPoint = new OAuth2AuthenticationEntryPoint(); clientEntryPoint.setTypeName("Basic"); clientEntryPoint.setRealmName("my-realm/client"); clientEntryPoint.setExceptionRenderer(new CustomOAuth2ExceptionRenderer()); return clientEntryPoint; }
創建訪問被拒絕處理程序
@Bean public OAuth2AccessDeniedHandler accessDeniedHandler() { OAuth2AccessDeniedHandler adh = new OAuth2AccessDeniedHandler(); adh.setExceptionRenderer(new CustomOAuth2ExceptionRenderer()); return adh; }
充實到AuthorizationServerSecurityConfigurer
,等等,在這些特定的實現AuthorizationServerConfiguration
@Configuration @EnableAuthorizationServer protected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter { @Override public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception { oauthServer.authenticationEntryPoint(clientAuthEntryPoint()); oauthServer.accessDeniedHandler(accessDeniedHandler()); oauthServer.realm("my-realm"); } }
我們使用curl來啟動OAuth2 reuqests。 以下是我們用於測試客戶端身份驗證的命令:
curl --insecure -H "Accept: application/json" -X POST -iu adfadsf:asdvadfgadf "https://localhost:8430/oauth/token?grant_type=password$username=john&pasword=johny"
由於客戶端身份驗證是基本身份驗證,因此Spring Security會將BasicAuthenticationFilter
分配給該步驟。 如果在與此步驟相關的后端發生錯誤(例如SQL異常),則Spring Security將不會選擇OAuth2AuthenticationEntryPoint
並將返回默認入口點BasicAuthenticationEntryPoint
。
o.s.s.authentication.ProviderManager : Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
o.s.s.w.a.www.BasicAuthenticationFilter : Authentication request for failed: org.springframework.security.authentication.InternalAuthenticationServiceException: show me the money
s.w.a.DelegatingAuthenticationEntryPoint : Trying to match using RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]
s.w.a.DelegatingAuthenticationEntryPoint : No match found. Using default entry point org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint@649f92da
s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed```
你可以嘗試羅馬沃茲尼亞克在你的機票#483上發布的解決方案。 它對我來說效果很好:)
羅馬沃茲尼亞克代碼:
@Configuration @EnableAuthorizationServer protected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter { //... @Override public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception { oauthServer .realm(RESOURCE_ID + "/client") .accessDeniedHandler(accessDeniedHandler) .authenticationEntryPoint(entryPoint); // This allows you to replace default filter for Basic authentication and customize error responses oauthServer.addTokenEndpointAuthenticationFilter( new BasicAuthenticationFilter(authenticationManager, entryPoint)); } }
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.