目前,每当用户验证失败时,Spring安全性响应:
{"error": "invalid_grant","error_description": "Bad credentials"}
我想通过以下响应代码来增强此响应:
{"responsecode": "XYZ","error": "invalid_grant","error_description": "Bad credentials"}
经过一番探讨,看起来我需要做的就是实现一个AuthenticationFailureHandler,我已经开始做了.但是,每当我提交无效的登录凭据时,似乎都无法访问onAuthenticationFailure方法.我已经逐步完成了代码,并在onAuthenticationFailure方法中进行了记录,以确认它未被访问.
我的失败处理程序是:
@Component
public class SSOAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler{
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
AuthenticationException exception) throws IOException, ServletException {
super.onAuthenticationFailure(request, response, exception);
response.addHeader("responsecode", "XYZ");
}
}
我的WebSecurityConfigurerAdapter包含:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired SSOAuthenticationFailureHandler authenticationFailureHandler;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
http.formLogin().failureHandler(authenticationFailureHandler);
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(service).passwordEncoder(passwordEncoder());
auth.authenticationEventPublisher(defaultAuthenticationEventPublisher());
}
@Bean
public DefaultAuthenticationEventPublisher defaultAuthenticationEventPublisher(){
return new DefaultAuthenticationEventPublisher(); …