一尘不染

使用OAuth2从Spring Security自定义身份验证错误

spring-boot

我想知道是否可以自定义以下授权错误:

{
  "error": "unauthorized",
  "error_description": "Full authentication is required to access this resource"
}

当用户请求没有权限时,我得到了它。我想将其自定义为与Spring Boot错误非常相似:

{
 "timestamp":1445441285803,
 "status":401,
 "error":"Unauthorized",
 "message":"Bad credentials",
 "path":"/oauth/token"
}

有可能吗

非常感谢。


阅读 1788

收藏
2020-05-30

共1个答案

一尘不染

我需要创建一个新类,该类实现“ AuthenticationEntryPoint”,如下所示:

public class AuthExceptionEntryPoint implements AuthenticationEntryPoint
{
    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException arg2) throws IOException, ServletException
    {
        final Map<String, Object> mapBodyException = new HashMap<>() ;

        mapBodyException.put("error"    , "Error from AuthenticationEntryPoint") ;
        mapBodyException.put("message"  , "Message from AuthenticationEntryPoint") ;
        mapBodyException.put("exception", "My stack trace exception") ;
        mapBodyException.put("path"     , request.getServletPath()) ;
        mapBodyException.put("timestamp", (new Date()).getTime()) ;

        response.setContentType("application/json") ;
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED) ;

        final ObjectMapper mapper = new ObjectMapper() ;
        mapper.writeValue(response.getOutputStream(), mapBodyException) ;
    }
}

并将其添加到我的ResourceServerConfigurerAdapter实现中:

@Configuration
@EnableResourceServer
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter
{   
    @Override
    public void configure(HttpSecurity http) throws Exception
    {
        http.exceptionHandling().authenticationEntryPoint(new AuthExceptionEntryPoint()) ;

    }
}

您可以找到我的GitHub项目,该项目实现了您所需的一切:

https://github.com/pakkk/custom-spring-
security

2020-05-30