Security OAuth2 自定义异常响应

拼搏现实的明天。 2023-06-16 15:58 4阅读 0赞

转载自：[https://www.cnblogs.com/bndong/p/10275430.html][https_www.cnblogs.com_bndong_p_10275430.html]

## 叙述 ##

对于客户端开发或者网站开发而言，调用接口返回有统一的响应体，可以针对性的设计界面，代码结构更加清晰，层次也更加分明。

### 默认异常响应 ###

在使用 Spring Security Oauth2 登录和鉴权失败时，默认返回的异常信息如下：

{
      "error": "unauthorized",
      "error_description": "Full authentication is required to access this resource"
    }

这与我们返回的信息格式不一致。如果需要修改这种返回的格式，需要重写相关异常处理类。这里我统一的是资源服务器（网关）的响应格式。

### 自定义异常响应 ###

校验token异常

新增 AuthExceptionEntryPoint.java

@Component
    public class AuthExceptionEntryPoint implements AuthenticationEntryPoint
    {
    
        @Override
        public void commence(HttpServletRequest request, HttpServletResponse response,
                             AuthenticationException authException) throws ServletException {
            Map<String, Object> map = new HashMap<String, Object>();
            Throwable cause = authException.getCause();
    
            response.setStatus(HttpStatus.OK.value());
            response.setHeader("Content-Type", "application/json;charset=UTF-8");
            try {
                if(cause instanceof InvalidTokenException) {
                    response.getWriter().write(ResultJsonUtil.build(
                            ResponseCodeConstant.REQUEST_FAILED,
                            ResponseStatusCodeConstant.OAUTH_TOKEN_FAILURE,
                            ResponseMessageConstant.OAUTH_TOKEN_ILLEGAL
                    ));
                }else{
                    response.getWriter().write(ResultJsonUtil.build(
                            ResponseCodeConstant.REQUEST_FAILED,
                            ResponseStatusCodeConstant.OAUTH_TOKEN_MISSING,
                            ResponseMessageConstant.OAUTH_TOKEN_MISSING
                    ));
                }
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }

校验权限异常

新增 CustomAccessDeniedHandler.java

@Component("customAccessDeniedHandler")
    public class CustomAccessDeniedHandler implements AccessDeniedHandler {
    
        @Override
        public void handle(HttpServletRequest request, HttpServletResponse response,
                           AccessDeniedException accessDeniedException)
                throws IOException, ServletException {
            response.setStatus(HttpStatus.OK.value());
            response.setHeader("Content-Type", "application/json;charset=UTF-8");
            try {
                response.getWriter().write(ResultJsonUtil.build(
                        ResponseCodeConstant.REQUEST_FAILED,
                        ResponseStatusCodeConstant.OAUTH_TOKEN_DENIED,
                        ResponseMessageConstant.OAUTH_TOKEN_DENIED
                ));
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }

资源服务中配置异常处理类

修改资源配置类 ResourceServerConfiguration.java

@Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources.tokenExtractor(customTokenExtractor);
        resources.authenticationEntryPoint(authExceptionEntryPoint)
                .accessDeniedHandler(customAccessDeniedHandler);
    }

自定义响应结果

![format_png][]

![format_png 1][]

[https_www.cnblogs.com_bndong_p_10275430.html]: https://www.cnblogs.com/bndong/p/10275430.html
[format_png]: https://imgconvert.csdnimg.cn/aHR0cHM6Ly9pbWcyMDE4LmNuYmxvZ3MuY29tL2Jsb2cvMTA2NTQ1NC8yMDE5MDEvMTA2NTQ1NC0yMDE5MDExNjEwMTA1MzUzMS0xMTczMTQ4MzQzLnBuZw?x-oss-process=image/format,png
[format_png 1]: https://imgconvert.csdnimg.cn/aHR0cHM6Ly9pbWcyMDE4LmNuYmxvZ3MuY29tL2Jsb2cvMTA2NTQ1NC8yMDE5MDEvMTA2NTQ1NC0yMDE5MDExNjEwMTAyMDY5OC0yODUwNTYwNDgucG5n?x-oss-process=image/format,png