如何覆盖这个`/ error`端点?

时间:2016-04-15 20:49:14

标签: spring spring-mvc spring-security spring-boot spring-oauth2

我正在通过分解this set of three interconnected apps at GitHub来学习Spring OAuth,同时也仔细研究Spring OAuth 2 Developer Guide at this link开发者指南说明/oauth/error端点需要自定义,但应使用哪些特定代码来成功覆盖/oauth/error

第一次尝试:

我第一次尝试覆盖,就是抛出错误,您可以在the debug log, which I have uploaded to a file sharing site at this link中看到错误。

我首先尝试使用Spring提供的代码元素在示例应用程序中工作。

首先,我在上面的示例应用链接中为authserver应用添加了一个新的控制器类,并添加了一些the sample code from Spring's WhiteLabelErrorEndpoint.java, which you can read at this link。我的尝试如下:

package demo;

import java.util.HashMap;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.util.HtmlUtils;

@Controller
public class CustomViewsController {

private static final String ERROR = "<html><body><h1>OAuth Error</h1><p>${errorSummary}</p></body></html>";

@RequestMapping("/oauth/error")
public ModelAndView handleError(HttpServletRequest request) {
    Map<String, Object> model = new HashMap<String, Object>();
    Object error = request.getAttribute("error");
    // The error summary may contain malicious user input,
    // it needs to be escaped to prevent XSS
    String errorSummary;
    if (error instanceof OAuth2Exception) {
        OAuth2Exception oauthError = (OAuth2Exception) error;
        errorSummary = HtmlUtils.htmlEscape(oauthError.getSummary());
    }
    else {
        errorSummary = "Unknown error";
    }
    model.put("errorSummary", errorSummary);
    return new ModelAndView(new SpelView(ERROR), model);
    }
}

我添加了by copying the code from this link上面的链接使用的以下SpelView.java字符串处理程序类:

package demo;

import java.util.HashMap;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.context.expression.MapAccessor;
import org.springframework.expression.Expression;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.StandardEvaluationContext;
import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;
import org.springframework.util.PropertyPlaceholderHelper;
import org.springframework.util.PropertyPlaceholderHelper.PlaceholderResolver;
import org.springframework.web.servlet.View;
import org.springframework.web.servlet.support.ServletUriComponentsBuilder;

/**
 * Simple String template renderer.
 * 
 */
class SpelView implements View {

    private final String template;

    private final String prefix;

    private final SpelExpressionParser parser = new SpelExpressionParser();

    private final StandardEvaluationContext context = new StandardEvaluationContext();

    private PlaceholderResolver resolver;

    public SpelView(String template) {
        this.template = template;
        this.prefix = new RandomValueStringGenerator().generate() + "{";
        this.context.addPropertyAccessor(new MapAccessor());
        this.resolver = new PlaceholderResolver() {
            public String resolvePlaceholder(String name) {
                Expression expression = parser.parseExpression(name);
                Object value = expression.getValue(context);
                return value == null ? null : value.toString();
            }
        };
    }

    public String getContentType() {
        return "text/html";
    }

    public void render(Map<String, ?> model, HttpServletRequest request, HttpServletResponse response)
            throws Exception {
        Map<String, Object> map = new HashMap<String, Object>(model);
        String path = ServletUriComponentsBuilder.fromContextPath(request).build()
                .getPath();
        map.put("path", (Object) path==null ? "" : path);
        context.setRootObject(map);
        String maskedTemplate = template.replace("${", prefix);
        PropertyPlaceholderHelper helper = new PropertyPlaceholderHelper(prefix, "}");
        String result = helper.replacePlaceholders(maskedTemplate, resolver);
        result = result.replace(prefix, "${");
        response.setContentType(getContentType());
        response.getWriter().append(result);
    }

}

1 个答案:

答案 0 :(得分:1)

要覆盖错误视图,请定义控制器,例如

@Controller
public class ErrorController {
    @RequestMapping("/oauth/error")
    public String error(Map<String,Object> model) {
       // .. do stuff to the model
       return "error";
    }
}

然后实现&#34;错误&#34;视图。例如。使用Freemarker,在Spring Boot应用程序中创建一个名为&#34; error.ftl&#34;在&#34;模板&#34;类路径顶部的目录:

<html><body>Wah, there was an error!</body></html>

这只是vanilla Spring MVC所以请参考Spring用户指南了解更多详情。

相关问题
最新问题