我想知道我是否可以自定义以下授权错误:
{
"error": "unauthorized",
"error_description": "Full authentication is required to access this resource"
}
当用户请求没有权限时,我得到它。我想将其自定义为与 Spring Boot 错误非常相似:
{
"timestamp":1445441285803,
"status":401,
"error":"Unauthorized",
"message":"Bad credentials",
"path":"/oauth/token"
}
这可能吗?
非常感谢。
最佳答案
接受的答案对使用 Oauth2 的我不起作用。经过一番研究,exception translator solution成功了。
基本上,您需要创建一个 WebResponseExceptionTranslator
并将其注册为您的异常转换器。
首先,创建一个WebResponseExceptionTranslator
bean:
@Slf4j
@Configuration
public class Oauth2ExceptionTranslatorConfiguration {
@Bean
public WebResponseExceptionTranslator oauth2ResponseExceptionTranslator() {
return new DefaultWebResponseExceptionTranslator() {
@Override
public ResponseEntity<OAuth2Exception> translate(Exception e) throws Exception {
ResponseEntity<OAuth2Exception> responseEntity = super.translate(e);
OAuth2Exception body = responseEntity.getBody();
HttpStatus statusCode = responseEntity.getStatusCode();
body.addAdditionalInformation("timestamp", dateTimeFormat.format(clock.instant()))
body.addAdditionalInformation("status", body.getHttpErrorCode().toString())
body.addAdditionalInformation("message", body.getMessage())
body.addAdditionalInformation("code", body.getOAuth2ErrorCode().toUpperCase())
HttpHeaders headers = new HttpHeaders();
headers.setAll(responseEntity.getHeaders().toSingleValueMap());
// do something with header or response
return new ResponseEntity<>(body, headers, statusCode);
}
};
}
}
现在您需要更改 Oauth2 配置以注册 bean WebResponseExceptionTranslator
:
@Slf4j
@Configuration
public class OAuth2Config extends AuthorizationServerConfigurerAdapter {
@Autowired
private AuthenticationManager authenticationManager;
@Autowired
private ClientDetailsServiceBuilder builder;
@Autowired
private WebResponseExceptionTranslator oauth2ResponseExceptionTranslator;
@Autowired
private UserDetailsService userDetailsService;
@Override
public void configure(ClientDetailsServiceConfigurer clients) {
clients.setBuilder(builder);
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
TokenEnhancerChain tokenEnhancerChain = new TokenEnhancerChain();
tokenEnhancerChain.setTokenEnhancers(
Arrays.asList(tokenEnhancer(), accessTokenConverter()));
endpoints.tokenStore(tokenStore())
.tokenEnhancer(tokenEnhancerChain)
.authenticationManager(authenticationManager)
.userDetailsService(userDetailsService)
.exceptionTranslator(oauth2ResponseExceptionTranslator);
}
}
最终结果将是:
{
"error": "unauthorized",
"error_description": "Full authentication is required to access this resource",
"code": "UNAUTHORIZED",
"message": "Full authentication is required to access this resource",
"status": "401",
"timestamp": "2018-06-28T23:55:28.86Z"
}
您可以看到我没有从OAuth2Exception
的原始正文中删除error
和error_description
。我建议维护它们,因为这两个字段遵循 OAuth2 规范。参见 the RFC和 OAuth2 API definitions了解更多详情。
您还可以自定义结果:覆盖error
或error_description
(只需调用addAdditionalInformation
),用 识别特定异常
的实例返回不同的 json 结果等。但是也有限制:如果你想将某个字段定义为 integer
,我认为这是不可能的,因为 addAdditionalInformation
方法只接受 String
作为类型。
关于java - 使用 OAuth2 从 Spring Security 自定义身份验证错误,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/45985310/