Spring Cloud:Security OAuth2 自定义异常响应

时间:2021-09-27 22:31:42
对于客户端开发或者网站开发而言,调用接口返回有统一的响应体,可以针对性的设计界面,代码结构更加清晰,层次也更加分明。

默认异常响应

在使用 Spring Security Oauth2 登录和鉴权失败时,默认返回的异常信息如下:

{
"error": "unauthorized",
"error_description": "Full authentication is required to access this resource"
}

这与我们返回的信息格式不一致。如果需要修改这种返回的格式,需要重写相关异常处理类。这里我统一的是资源服务器(网关)的响应格式。

自定义异常响应

无效 token 异常类重写

新增 AuthExceptionEntryPoint.java

@Component
public class AuthExceptionEntryPoint implements AuthenticationEntryPoint
{ @Override
public void commence(HttpServletRequest request, HttpServletResponse response,
AuthenticationException authException) throws ServletException {
Map<String, Object> map = new HashMap<String, Object>();
Throwable cause = authException.getCause(); response.setStatus(HttpStatus.OK.value());
response.setHeader("Content-Type", "application/json;charset=UTF-8");
try {
if(cause instanceof InvalidTokenException) {
response.getWriter().write(ResultJsonUtil.build(
ResponseCodeConstant.REQUEST_FAILED,
ResponseStatusCodeConstant.OAUTH_TOKEN_FAILURE,
ResponseMessageConstant.OAUTH_TOKEN_ILLEGAL
));
}else{
response.getWriter().write(ResultJsonUtil.build(
ResponseCodeConstant.REQUEST_FAILED,
ResponseStatusCodeConstant.OAUTH_TOKEN_MISSING,
ResponseMessageConstant.OAUTH_TOKEN_MISSING
));
}
} catch (IOException e) {
e.printStackTrace();
}
}
}

权限不足异常类重写

新增 CustomAccessDeniedHandler.java

@Component("customAccessDeniedHandler")
public class CustomAccessDeniedHandler implements AccessDeniedHandler { @Override
public void handle(HttpServletRequest request, HttpServletResponse response,
AccessDeniedException accessDeniedException)
throws IOException, ServletException {
response.setStatus(HttpStatus.OK.value());
response.setHeader("Content-Type", "application/json;charset=UTF-8");
try {
response.getWriter().write(ResultJsonUtil.build(
ResponseCodeConstant.REQUEST_FAILED,
ResponseStatusCodeConstant.OAUTH_TOKEN_DENIED,
ResponseMessageConstant.OAUTH_TOKEN_DENIED
));
} catch (IOException e) {
e.printStackTrace();
}
}
}

资源配置类中设置异常处理类

修改资源配置类 ResourceServerConfiguration.java

@Override
public void configure(ResourceServerSecurityConfigurer resources) {
resources.tokenExtractor(customTokenExtractor);
resources.authenticationEntryPoint(authExceptionEntryPoint)
.accessDeniedHandler(customAccessDeniedHandler);

}

自定义响应测试

Spring Cloud:Security OAuth2 自定义异常响应

Spring Cloud:Security OAuth2 自定义异常响应

示例代码https://github.com/BNDong/spring-cloud-examples/tree/master/spring-cloud-zuul/cloud-zuul