更新时间:2021-06-28 17:17:45
WebSecurityConfigurerAdapter方法
The HttpSecurity
class has a method called exceptionHandling which can be used to override the default behavior. The following sample presents how the response message can be customized.
@Override
protected void configure(HttpSecurity http) throws Exception {
http
// your custom configuration goes here
.exceptionHandling()
.authenticationEntryPoint((request, response, e) -> {
String json = String.format("{\"message\": \"%s\"}", e.getMessage());
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
response.setContentType("application/json");
response.setCharacterEncoding("UTF-8");
response.getWriter().write(json);
});
}
@ControllerAdvice方法-为什么在这种情况下不起作用
起初,我想到了@ControllerAdvice
,它捕获了整个应用程序的身份验证异常.
At first I thought about @ControllerAdvice
that catches authentication exceptions for the entire application.
import org.springframework.http.HttpStatus;
import org.springframework.security.core.AuthenticationException;
@ControllerAdvice
public class AuthExceptionHandler {
@ResponseStatus(HttpStatus.UNAUTHORIZED)
@ExceptionHandler(AuthenticationException.class)
@ResponseBody
public String handleAuthenticationException(AuthenticationException e) {
return String.format("{\"message\": \"%s\"}", e.getMessage());
}
}
在上面的示例中,JSON是手动构建的,但是您可以简单地返回一个POJO,该POJO将被映射到JSON中,就像从常规REST控制器中一样.从Spring 4.3开始,您还可以使用 @ RestControllerAdvice ,它是@ControllerAdvice
和@ResponseBody
的组合.
In the example above, the JSON is built manually, but you can simply return a POJO which will be mapped into JSON just like from a regular REST controller. Since Spring 4.3 you can also use @RestControllerAdvice, which is a combination of @ControllerAdvice
and @ResponseBody
.
但是,此方法无效,因为该异常是由AbstractSecurityInterceptor
引发并由
However, this approach doesn't work because the exception is thrown by the AbstractSecurityInterceptor
and handled by ExceptionTranslationFilter before any controller is reached.