
Spring authentication filter throwing the wrong error message

  •  2
  • lwjmexppgkjpph  · Tech Community  · 1 month ago

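    I have a custom filter that is used to authenticate the user. I always get the "full authentication required" error, even though I throw a custom exception with a specific message and have also added an exception handler.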

    @Slf4j
    @Component
    public class TokenValidationFilter extends OncePerRequestFilter {
    
      @Autowired
      private TokenValidationHelper tokenValidationHelper;
    
      @Override
      protected void doFilterInternal(HttpServletRequest servletRequest, 
                HttpServletResponse servletResponse,
                FilterChain filterChain) throws ServletException, IOException {
        HttpServletRequest httpRequest = (HttpServletRequest)servletRequest;
        HttpServletResponse httpResponse = (HttpServletResponse)servletResponse;
        MultiReadRequestWrapper request = new MultiReadRequestWrapper(httpRequest);
        SecurityContext context = SecurityContextHolder.getContext();
        // check if already authenticated
        if (context.getAuthentication() == null) {
          Authentication authentication =
              tokenValidationHelper.validateAndAuthenticate(request);
          context.setAuthentication(authentication);
        }
        filterChain.doFilter(request, httpResponse);
      }
    }
    
    

    Code for the exception handler:

    @ControllerAdvice
    public class ExceptionHandler {
    
    
      @ExceptionHandler({IrrecoverableAuthException.class})
      @ResponseBody
      @ResponseStatus(HttpStatus.UNAUTHORIZED)
      public RegistrationErrorResponse handleInternalServerException(IrrecoverableAuthException exception) {
        return getErrorResponse(exception, Category.Error, exception.getMessage());
      }
    }
    

    "Full authentication is required to access this resource"

    1 reply  |  until 1 month ago
        1
  •  2
  •   deepakchethan    1 month ago

    The exception handler will not be invoked from the filter. You can write the error response manually from the filter using HttpServletResponse, as follows:

      protected void onFailedAuthentication(
          HttpServletRequest request,
          HttpServletResponse response,
          IrrecoverableAuthException failed) {
        response.setContentType(MediaType.APPLICATION_JSON_VALUE);
        response.setStatus(failed.getStatus().getStatusCode());
    
        try (OutputStream out = response.getOutputStream()) {
          out.write(MAPPER.writeValueAsBytes(getErrorResponse())); // build the required response here
          out.flush();
        } catch (IOException e) {
          response.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value());
        }
      }
    

    @Slf4j
    @Component
    public class TokenValidationFilter extends OncePerRequestFilter {
    
      @Autowired
      private TokenValidationHelper tokenValidationHelper;
    
      @Override
      protected void doFilterInternal(HttpServletRequest servletRequest, 
                HttpServletResponse servletResponse,
                FilterChain filterChain) throws ServletException, IOException {
        HttpServletRequest httpRequest = (HttpServletRequest)servletRequest;
        HttpServletResponse httpResponse = (HttpServletResponse)servletResponse;
        MultiReadRequestWrapper request = new MultiReadRequestWrapper(httpRequest);
        SecurityContext context = SecurityContextHolder.getContext();
        // check if already authenticated
        if (context.getAuthentication() == null) {
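          try {
            Authentication authentication =
                tokenValidationHelper.validateAndAuthenticate(request);
            context.setAuthentication(authentication);
          } catch (IrrecoverableAuthException ex) {
            onFailedAuthentication(httpRequest, httpResponse, ex);
            // The error response has been written; stop here so the rest of
            // the chain does not run for an unauthenticated request.
            return;
          }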
        }
        filterChain.doFilter(request, httpResponse);
      }
    }