我想使用Spring Security OAuth 2.0,通过OAuth 2.0来保护我的REST API。在/oauth/token请求中,我想检查请求是否包含必需的自定义数据。我添加了一个过滤器(OAuth2CookieFilter)来执行此操作。如果此信息不可用,我想抛出异常并返回自定义的JSON消息。为此,我实现了一个自定义异常转换器和异常渲染器,并将它们添加到了身份验证入口点。问题是当我在OAuth2CookieFilter中抛出异常(继承自OAuth2Exception)时,我的异常处理代码不会被调用。相反,我得到的响应是一个带有堆栈跟踪的HTML页面。下面是我的XML配置;我已删去了无关的代码。你知道出了什么问题吗?
<!-- Method-level security (@Secured and @PreAuthorize/@PostAuthorize) for the service layer. -->
<security:global-method-security secured-annotations="enabled" pre-post-annotations="enabled" />
<!-- NOTE(review): this mapping declares no allowed-origins, so Spring MVC presumably applies its
     permissive default; confirm, and pin the origin list if the API is not meant to be callable
     from any site. CORS is also handled by the corsHandler filter declared below, so two
     mechanisms currently answer the same headers. -->
<mvc:cors>
<mvc:mapping path="/**" />
</mvc:cors>
<!-- Custom filter that checks the extra cookie data on /oauth/token (see that chain below).
     It is declared with no properties, so it holds no reference to an entry point or renderer
     through which it could report a failure as JSON. -->
<bean id="oAuth2CookieFilter" class="org.mycompany.services.security.OAuth2CookieFilter" />
<!-- Project CORS filter; inserted into both chains before PRE_AUTH_FILTER. -->
<bean id="corsHandler" class="org.mycompany.services.security.CORSFilter" />
<!-- Exposes form-encoded PUT bodies as request parameters; runs FIRST in the /** chain. -->
<bean id="putFormFilter" class="org.springframework.web.filter.HttpPutFormContentFilter" />
<!-- Token endpoint chain. <security:http> elements are matched in declaration order, so this
     /oauth/token chain must stay ahead of the /** chain declared further down. No entry-point-ref
     is set on the element itself; the http-basic entry point is the one that renders failures. -->
<security:http pattern="/oauth/token" create-session="stateless" authentication-manager-ref="clientAuthenticationManager">
<security:anonymous enabled="false" />
<security:intercept-url pattern="/oauth/token" access="hasRole('ROLE_TRUSTED_CLIENT')" />
<security:http-basic entry-point-ref="clientAuthenticationEntryPoint" />
<!-- NOTE(review): oAuth2CookieFilter sits after PRE_AUTH_FILTER, which is upstream of the
     ExceptionTranslationFilter. An exception thrown here never passes through that filter or the
     entry point it delegates to; it propagates to the servlet container, which is consistent
     with the HTML error page and stack trace being returned. Moving the filter later in the
     chain is not sufficient on its own: ExceptionTranslationFilter only translates
     AuthenticationException and AccessDeniedException, and OAuth2Exception is neither.
     The pattern the framework's own OAuth filters use is to catch the failure inside the filter
     and call entryPoint.commence(request, response, new InsufficientAuthenticationException(msg, cause)),
     with clientAuthenticationEntryPoint injected into the filter; its exceptionTranslator then
     unwraps the OAuth2Exception cause and exceptionRenderer writes the JSON body. Until that is in
     place, the container's error page should be configured so stack traces are not sent to clients. -->
<security:custom-filter ref="oAuth2CookieFilter" after="PRE_AUTH_FILTER" />
<!-- NOTE(review): intercept-url above applies to OPTIONS as well, so CORS preflights only succeed
     if corsHandler answers them itself before authentication runs; confirm against CORSFilter. -->
<security:custom-filter ref="corsHandler" before="PRE_AUTH_FILTER"/>
<!-- Accepts client_id/client_secret as request parameters; see the bean definition below. -->
<security:custom-filter ref="clientCredentialsTokenEndpointFilter" after="BASIC_AUTH_FILTER" />
<security:access-denied-handler ref="oauthAccessDeniedHandler" />
<!-- Stateless chain authenticated by client credentials, so no session cookie to protect. -->
<security:csrf disabled="true" />
</security:http>
<!-- Authenticates OAuth clients (client_id/client_secret) on the token endpoint; distinct from
     the user authentication manager declared further down. -->
<security:authentication-manager id="clientAuthenticationManager">
<security:authentication-provider user-service-ref="clientDetailsUserService" />
</security:authentication-manager>
<!-- Adapts the client registry to the UserDetailsService contract so the provider above can use it. -->
<bean id="clientDetailsUserService" class="org.mycompany.services.security.ClientDetailsUserDetailsService">
<constructor-arg ref="clientDetails" />
</bean>
<!-- Client registry; also wired into tokenServices, oAuth2RequestFactory, userApprovalHandler
     and the authorization server. -->
<bean id="clientDetails" class="org.mycompany.services.security.ClientDetailsService"/>
<!-- Lets clients send credentials as client_id/client_secret parameters instead of HTTP Basic.
     NOTE(review): this filter is an authentication-processing filter that reports its own failures
     through its failure handler rather than relying on the ExceptionTranslationFilter, which is the
     model the custom cookie filter needs to follow. Secrets passed as request parameters can end
     up in access logs; HTTP Basic over TLS avoids that, so consider whether this filter is needed. -->
<bean id="clientCredentialsTokenEndpointFilter" class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
<property name="authenticationManager" ref="clientAuthenticationManager" />
</bean>
<!-- Entry point used by http-basic on the /oauth/token chain: challenges with
     WWW-Authenticate: Basic realm="server" and renders the failure through the shared
     translator/renderer. It is reached only when a filter (or the ExceptionTranslationFilter)
     hands it an AuthenticationException; nothing in this configuration routes other exception
     types to it. -->
<bean id="clientAuthenticationEntryPoint" class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
<property name="realmName" value="server" />
<property name="typeName" value="Basic" />
<property name="exceptionTranslator" ref="oauthErrorHandler" />
<property name="exceptionRenderer" ref="oauthExceptionRender" />
</bean>
<!-- Protected resources -->
<!-- Catch-all resource chain: every other URL requires a valid token carrying ROLE_USER.
     Declared after the /oauth/token chain on purpose, since <security:http> elements match in order. -->
<security:http pattern="/**" create-session="stateless" entry-point-ref="oauthAuthenticationEntryPoint">
<security:anonymous enabled="false" />
<security:intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
<security:custom-filter ref="putFormFilter" position="FIRST"/>
<!-- NOTE(review): intercept-url above also covers OPTIONS, so CORS preflights only succeed if
     corsHandler answers them itself before authentication runs; confirm against CORSFilter. -->
<security:custom-filter ref="corsHandler" before="PRE_AUTH_FILTER"/>
<!-- Bearer-token filter from <oauth2:resource-server>; it handles token failures itself and
     reports them through the entry point, which is why JSON errors work on this chain. -->
<security:custom-filter ref="resourceServerFilter" after="PRE_AUTH_FILTER" />
<security:access-denied-handler ref="oauthAccessDeniedHandler" />
<!-- NOTE(review): disabling CSRF is fine while the token travels only in the Authorization
     header. If the custom tokenExtractor also reads it from a cookie, browsers attach that
     automatically and cross-site requests become possible; confirm which sources it accepts. -->
<security:csrf disabled="true" />
</security:http>
<!-- Entry point for the /** chain (no typeName, so no Basic challenge); same realm as the token chain. -->
<bean id="oauthAuthenticationEntryPoint" class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
<property name="realmName" value="server" />
<property name="exceptionTranslator" ref="oauthErrorHandler" />
<property name="exceptionRenderer" ref="oauthExceptionRender" />
</bean>
<!-- 403 handler shared by both chains; uses the same translator/renderer so every error has
     one JSON shape. -->
<bean id="oauthAccessDeniedHandler" class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler">
<property name="exceptionTranslator" ref="oauthErrorHandler" />
<property name="exceptionRenderer" ref="oauthExceptionRender" />
</bean>
<!-- Project exception translator and renderer that produce the custom JSON error body.
     Both are reached only through the entry points and the access-denied handler above;
     an exception that escapes a filter before those run never touches them. -->
<bean id="oauthErrorHandler" class="org.mycompany.services.security.exception.OauthErrorHandler"/>
<bean id="oauthExceptionRender" class="org.mycompany.services.security.exception.OauthExceptionRenderer"/>
<!-- I THINK THIS CODE BELOW IS NOT RELATED TO THE PROBLEM BUT I PASTE IT ANYWAY -->
<!-- User password hashing. passwordSecret comes from external properties; keep it out of source
     control. NOTE(review): StandardPasswordEncoder is SHA-256 based; later Spring Security
     releases deprecate it in favour of adaptive encoders (bcrypt, PBKDF2, scrypt, Argon2), which
     is worth planning for once stored hashes can be migrated. -->
<bean id="encoder" class="org.springframework.security.crypto.password.StandardPasswordEncoder">
<constructor-arg value="${passwordSecret}"/>
</bean>
<!-- Authenticates resource owners (end users); used by the password grant below. -->
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider user-service-ref="userDetailsService">
<security:password-encoder ref="encoder" />
</security:authentication-provider>
</security:authentication-manager>
<bean id="userDetailsService" class="org.mycompany.services.security.UserDetailsService"/>
<!-- Token Store -->
<!-- JWT-backed store: tokens are self-contained and verified by signature, not looked up, so
     issued access tokens cannot be revoked server-side before they expire. The short
     accessTokenValiditySeconds below is what bounds that exposure. -->
<bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.store.JwtTokenStore" >
<constructor-arg ref="JwttokenConverter"></constructor-arg>
</bean>
<!-- Approvals derived from stored tokens; with a JwtTokenStore this presumably means approval
     state lives in the tokens themselves; verify that matches the intended approval flow. -->
<bean id="approvalStore" class="org.springframework.security.oauth2.provider.approval.TokenApprovalStore">
<property name="tokenStore" ref="tokenStore" />
</bean>
<!-- Project converter that signs/verifies JWTs; signingKey is externalized. Keep it out of
     source control and rotate it with a plan for in-flight tokens. Naming: this id starts with
     an uppercase letter unlike every other id here; rename together with its three references. -->
<bean id="JwttokenConverter" class="org.mycompany.services.security.TokenEncoder">
<property name="signingKey" value="${signingKey}"></property>
</bean>
<!-- Issues and refreshes tokens; 300 s access-token lifetime with refresh tokens enabled. -->
<bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices" >
<property name="tokenStore" ref="tokenStore" />
<property name="tokenEnhancer" ref="JwttokenConverter" />
<property name="supportRefreshToken" value="true" />
<property name="clientDetailsService" ref="clientDetails" />
<property name="accessTokenValiditySeconds" value="300" />
</bean>
<!-- Builds OAuth2Request objects from incoming parameters, validated against the client registry. -->
<bean id="oAuth2RequestFactory" class="org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory">
<constructor-arg ref="clientDetails" />
</bean>
<!-- Decides whether a user must be asked for consent; consults the token store for prior approvals. -->
<bean id="userApprovalHandler" class="org.springframework.security.oauth2.provider.approval.TokenStoreUserApprovalHandler">
<property name="clientDetailsService" ref="clientDetails" />
<property name="tokenStore" ref="tokenStore" />
<property name="requestFactory" ref="oAuth2RequestFactory" />
</bean>
<!-- NOTE(review): every grant type is enabled. Enable only the grants registered clients actually
     use; the OAuth 2.0 Security Best Current Practice advises against the implicit and
     resource-owner password grants for new deployments. -->
<oauth2:authorization-server client-details-service-ref="clientDetails" token-services-ref="tokenServices" user-approval-handler-ref="userApprovalHandler">
<oauth2:authorization-code />
<oauth2:implicit />
<oauth2:refresh-token />
<oauth2:client-credentials />
<!-- Password grant authenticates the end user through the user authentication manager. -->
<oauth2:password authentication-manager-ref="authenticationManager"/>
</oauth2:authorization-server>
<!-- Defines the resourceServerFilter bean used in the /** chain. Tokens that carry a resource
     id list are checked against resource-id="server"; the custom TokenExtractor decides where
     the token is read from (see the CSRF note on that chain). -->
<oauth2:resource-server id="resourceServerFilter" resource-id="server" token-services-ref="tokenServices" token-extractor-ref="tokenExtractor"/>
<bean id="tokenExtractor" class="org.mycompany.services.security.TokenExtractor"/>
<!-- NOTE(review): these handlers are declared but neither <security:http> element in this
     fragment references them, so #oauth2.* expressions (e.g. scope checks) are not available in
     intercept-url here; presumably wired elsewhere, otherwise unused. -->
<oauth2:expression-handler id="oauthExpressionHandler" />
<oauth2:web-expression-handler id="oauthWebExpressionHandler" />