我使用Spring Boot作为REST API。
我有以下AuthenticationEntryPoint:
@Component
public class CustomAuthenticationEntryPoint implements AuthenticationEntryPoint {
@Override
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException {
// This is invoked when user tries to access a secured REST resource without supplying any credentials
// We should just send a 401 Unauthorized response because there is no 'login page' to redirect to
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
}
}
如果凭据错误,将返回401响应,其中包含以下正文:
{
"timestamp": 1464883746518,
"status": 401,
"error": "Unauthorized",
"exception": "org.springframework.security.authentication.BadCredentialsException",
"message": "Unauthorized",
"path": "/webapp/login"
}
我发现'exception'字段放弃了太多信息(f.i.我正在使用spring security) - 理想情况下我想隐藏响应中的信息。
我应该如何最好地回复不太透露的消息?
我最初的想法是抛出一个自定义异常并通过从new ResponseEntity(HttpStatus.UNAUTHORIZED)返回@ControllerAdvice来处理它?</ p>
是否有更好的(可能是标准化的)方式来返回更通用的错误消息?
答案 0 :(得分:1)
注册新的private void dataGridView1_CellFormatting(object sender, DataGridViewCellFormattingEventArgs e)
{
if (e.ColumnIndex == 0 && e.RowIndex != this.dataGridView1.NewRowIndex)
{
double d = double.Parse(e.Value.ToString());
e.Value = d.ToString("0");
}
else
{
if (e.ColumnIndex == 2 && e.RowIndex == this.dataGridView1.NewRowIndex)
{
double precio = Convert.ToDouble("0");
dataGridView1["Column7", e.RowIndex].Value = (precio.ToString());
}
}
}
并从错误回复中删除ErrorAttributes字段:
exception答案 1 :(得分:0)
状态401应包含需要哪种身份验证的信息,而不包含任何其他信息。