Joh*_*hnD 2 java spring spring-security oauth-2.0 spring-security-oauth2
我试图自定义Spring Security oAuth TokenEndpoint类处理异常的方式.我想返回一个比DefaultWebResponseExceptionTranslator当前更自定义的JSON响应.我无法弄清楚如何通过XML注入自定义转换器.这是我的代码片段:
弹簧security.xml文件
<oauth:authorization-server
client-details-service-ref="clientDetails" token-services-ref="tokenServices"
user-approval-handler-ref="userApprovalHandler" request-validator-ref="requestValidator" >
<oauth:client-credentials />
<oauth:password />
</oauth:authorization-server>
这是AbstractServerBeanDefinitionParser的相关代码部分
BeanDefinitionBuilder tokenEndpointBean = BeanDefinitionBuilder.rootBeanDefinition(TokenEndpoint.class);
tokenEndpointBean.addPropertyReference("clientDetailsService", clientDetailsRef);
tokenEndpointBean.addPropertyReference("tokenGranter", tokenGranterRef);
authorizationEndpointBean.addPropertyReference("oAuth2RequestValidator", oAuth2RequestValidatorRef);
parserContext.getRegistry()
.registerBeanDefinition("oauth2TokenEndpoint", tokenEndpointBean.getBeanDefinition());
if (StringUtils.hasText(oAuth2RequestFactoryRef)) {
tokenEndpointBean.addPropertyReference("oAuth2RequestFactory", oAuth2RequestFactoryRef);
}
if (StringUtils.hasText(oAuth2RequestValidatorRef)) {
tokenEndpointBean.addPropertyReference("oAuth2RequestValidator", oAuth2RequestValidatorRef);
}
TokenEndpoint扩展了AbstractEndpoint,它是定义翻译器的地方.
@FrameworkEndpoint
public class TokenEndpoint extends AbstractEndpoint {
@ExceptionHandler(Exception.class)
public ResponseEntity<OAuth2Exception> handleException(Exception e) throws Exception {
logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage());
return getExceptionTranslator().translate(e);
}
这是来自AbtractEndpoint的片段
public class AbstractEndpoint implements InitializingBean {
protected final Log logger = LogFactory.getLog(getClass());
private WebResponseExceptionTranslator providerExceptionHandler = new DefaultWebResponseExceptionTranslator();
public void setProviderExceptionHandler(WebResponseExceptionTranslator providerExceptionHandler) {
this.providerExceptionHandler = providerExceptionHandler;
}
所以我的问题是.如何通过spring-security.xml调用setProviderExceptionHandler来传递我的自定义类?
为了自定义spring-oauth的异常处理程序,您必须定义一个实例WebResponseExceptionTranslator:
@Bean
public WebResponseExceptionTranslator webResponseExceptionTranslator() {
return new DefaultWebResponseExceptionTranslator() {
@Override
public ResponseEntity<OAuth2Exception> translate(Exception e) throws Exception {
ResponseEntity<OAuth2Exception> responseEntity = super.translate(e);
OAuth2Exception body = responseEntity.getBody();
HttpHeaders headers = new HttpHeaders();
headers.setAll(responseEntity.getHeaders().toSingleValueMap());
// do something with header or response
return new ResponseEntity<>(body, headers, responseEntity.getStatusCode());
}
};
}
并将其传递给exceptionTranslatorconfigurer的属性.我使用基于注释的配置,所以看起来像这样:
@Configuration
@EnableAuthorizationServer
public class OAuth2ServerConfiguration extends AuthorizationServerConfigurerAdapter {
// some config
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints
.pathMapping("/oauth/authorize", "/authorize")
.pathMapping("/oauth/error", "/error")
.exceptionTranslator(webResponseExceptionTranslator())
;
}
}
只需检查<oauth:authorization-server />基于xml的配置可用的属性.
| 归档时间: |
|
| 查看次数: |
3162 次 |
| 最近记录: |