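I have a custom filter that authenticates users. Even though I throw a custom exception with a specific message and have added an exception handler, I always receive the full-authentication error.
Filter code: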
@Slf4j
@Component
public class TokenValidationFilter extends OncePerRequestFilter {
    @Autowired
    private TokenValidationHelper tokenValidationHelper;

    @Override
    protected void doFilterInternal(HttpServletRequest servletRequest,
                                    HttpServletResponse servletResponse,
                                    FilterChain filterChain) throws ServletException, IOException {
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
        MultiReadRequestWrapper request = new MultiReadRequestWrapper(httpRequest);
        SecurityContext context = SecurityContextHolder.getContext();
        // check if already authenticated
        if (context.getAuthentication() == null) {
            Authentication authentication =
                    tokenValidationHelper.validateAndAuthenticate(request);
            context.setAuthentication(authentication);
        }
        filterChain.doFilter(request, httpResponse);
    }
}
Exception handler code:
@ControllerAdvice
public class ExceptionHandler {
    @ExceptionHandler({IrrecoverableAuthException.class})
    @ResponseBody
    @ResponseStatus(HttpStatus.UNAUTHORIZED)
    public RegistrationErrorResponse handleInternalServerException(IrrecoverableAuthException exception) {
        return getErrorResponse(exception, Category.Error, exception.getMessage());
    }
}
But I still get the error message
"Full authentication is required to access this resource"
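Reply from a uj5u.com user:
Exception handlers are not invoked from filters. You can use the HttpServletResponse in the filter and write the error response manually, like this: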
protected void onFailedAuthentication(
        HttpServletRequest request,
        HttpServletResponse response,
        IrrecoverableAuthException failed) {
    response.setContentType(MediaType.APPLICATION_JSON_VALUE);
    response.setStatus(failed.getStatus().getStatusCode());
    try (OutputStream out = response.getOutputStream()) {
        out.write(MAPPER.writeValueAsBytes(getErrorResponse())); // build the required response here
        out.flush();
    } catch (IOException e) {
        response.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value());
    }
}
Call this method from your filter:
@Slf4j
@Component
public class TokenValidationFilter extends OncePerRequestFilter {
    @Autowired
    private TokenValidationHelper tokenValidationHelper;

    @Override
    protected void doFilterInternal(HttpServletRequest servletRequest,
                                    HttpServletResponse servletResponse,
                                    FilterChain filterChain) throws ServletException, IOException {
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
        MultiReadRequestWrapper request = new MultiReadRequestWrapper(httpRequest);
        SecurityContext context = SecurityContextHolder.getContext();
        // check if already authenticated
        if (context.getAuthentication() == null) {
            try {
                Authentication authentication =
                        tokenValidationHelper.validateAndAuthenticate(request);
                context.setAuthentication(authentication);
            } catch (IrrecoverableAuthException ex) {
                onFailedAuthentication(httpRequest, httpResponse, ex);
                // the error response is already written; do not continue the chain
                return;
            }
        }
        filterChain.doFilter(request, httpResponse);
    }
}
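An alternative to writing the response by hand, shown as an added example that is not part of the original answer: pass the exception to Spring MVC's HandlerExceptionResolver so the existing @ControllerAdvice handler produces the 401 body. It assumes Spring MVC with javax.servlet and the poster's own TokenValidationHelper, MultiReadRequestWrapper and IrrecoverableAuthException classes; the class name DelegatingTokenValidationFilter is hypothetical.

```java
// Added example, not code from the original post.
// Assumes Spring MVC + Spring Security on javax.servlet; poster's classes are used as-is.
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.servlet.HandlerExceptionResolver;

@Component
public class DelegatingTokenValidationFilter extends OncePerRequestFilter { // hypothetical name
    private final TokenValidationHelper tokenValidationHelper;
    private final HandlerExceptionResolver resolver;

    public DelegatingTokenValidationFilter(TokenValidationHelper tokenValidationHelper,
            @Qualifier("handlerExceptionResolver") HandlerExceptionResolver resolver) {
        this.tokenValidationHelper = tokenValidationHelper;
        this.resolver = resolver;
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
            FilterChain filterChain) throws ServletException, IOException {
        MultiReadRequestWrapper wrapped = new MultiReadRequestWrapper(request);
        if (SecurityContextHolder.getContext().getAuthentication() == null) {
            try {
                Authentication auth = tokenValidationHelper.validateAndAuthenticate(wrapped);
                SecurityContextHolder.getContext().setAuthentication(auth);
            } catch (IrrecoverableAuthException ex) {
                // Fail closed: make sure no partial authentication survives the failure.
                SecurityContextHolder.clearContext();
                // handler == null means only @ControllerAdvice @ExceptionHandler methods
                // are considered; the matching one sets the status and writes the body.
                resolver.resolveException(wrapped, response, null, ex);
                return; // response is complete; continuing would hit the entry point
            }
        }
        filterChain.doFilter(wrapped, response);
    }
}
```

With this in place the error body is defined once, in the @ControllerAdvice class, for exceptions raised both in controllers and in the filter.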
