我有一个自定义的身份验证手柄
public class MyUrlAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
private static final String SPRING_SECURITY_LAST_EXCEPTION_KEY = "SPRING_SECURITY_LAST_EXCEPTION";
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
"Authentication Failed: " + getErrorMessage(request, SPRING_SECURITY_LAST_EXCEPTION_KEY));
}
private String getErrorMessage(HttpServletRequest request, String key) {
Exception exception = (Exception) request.getSession().getAttribute(key);
if (exception instanceof DisabledException) {
return "BOD/EOD";
}
return "another";
}
}
如果我输入了错误的信用证,我会看到以下http响应:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"/>
<title>Error 401 Authentication Failed: another</title>
</head>
<body><h2>HTTP ERROR 401</h2>
<p>Problem accessing /application/login. Reason:
<pre> Authentication Failed: another</pre></p><hr /><i><small>Powered by Jetty://</small></i><br/>
<br/>
<br/>
<br/>
<br/>
<br/>
<br/>
<br/>
<br/>
<br/>
<br/>
<br/>
<br/>
<br/>
<br/>
<br/>
<br/>
<br/>
<br/>
<br/>
</body>
</html>
我希望在这种情况下获得json响应
答案 0 :(得分:0)
我喜欢将渲染移动到我的控制器,而不是直接使用Spring Security的API。您可以通过指示Spring Security将请求转发到URL来执行此操作。例如:
SimpleUrlAuthenticationFailureHandler handler =
new SimpleUrlAuthenticationFailureHandler("/401");
handler.setUseForward(true);
现在您可以创建一个处理401的端点。例如,如果您使用的是Spring MVC,则可以执行以下操作:
@RequestMapping("/401")
@ResponseBody
public Exception 401(HttpServletRequest request) {
return (Exception) request.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
}
关于这一点的好处是您获得了对控制器技术的所有标准支持。对于Spring MVC,这意味着您将获得内容协商(即JSON,XML等),返回类型的转换等。
答案 1 :(得分:-1)
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
response.setContentType(MediaType.APPLICATION_JSON_VALUE);
response.getWriter().write(JsonUtil.toJson(SOME_OBJECT_HERE));