我正在我的应用程序中使用JWT实现Spring安全性,当有未经授权的调用时,它会返回以下响应
@Override
public void commence(HttpServletRequest request,
HttpServletResponse response,
AuthenticationException authException) throws IOException {
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
}
响应json如下所示
{
"timestamp": 1497832267379,
"status": 401,
"error": "Unauthorized",
"message": "Unauthorized",
"path": "/path"
}
而不是这样我可以发送自己的自定义响应,例如:
{
"code":401,
"message":"The request is unauthorized"
}
感谢任何帮助
修改的
我将代码更新为以下格式:
@Override
public void commence(HttpServletRequest request,
HttpServletResponse response,
AuthenticationException authException) throws IOException {
//response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
status UnautorizedEntry = new status();
UnautorizedEntry.setCode(401);
UnautorizedEntry.setMessage("Unauthorized Entry");
Map<String, Object> UnautorizedEntryResponse=new HashMap<String, Object>();
UnautorizedEntryResponse.put("status", UnautorizedEntry);
objectMapper.writeValue(response.getOutputStream(), UnautorizedEntry);
response.flushBuffer();
}
我的状态类如下:
public class status {
int code;
String message;
public int getCode() {
return code;
}
public void setCode(int code) {
this.code = code;
}
public String getMessage() {
return message;
}
public void setMessage(String message) {
this.message = message;
}
}
现在我得到200响应,但屏幕上没有显示任何内容。它是完全空白的。感谢任何帮助
答案 0 :(得分:1)
这应该适合你:
@Autowired
private ObjectMapper objectMapper;
@Override
public void commence(HttpServletRequest request,
HttpServletResponse response,
AuthenticationException authException) throws IOException {
// notify client of response body content type
response.addHeader("Content-Type", "application/json;charset=UTF-8");
// set the response status code
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
// set up the response body
Status unauthorized = new Status(HttpServletResponse.SC_UNAUTHORIZED,
"The request is unauthorized");
// write the response body
objectMapper.writeValue(response.getOutputStream(), unauthorized);
// commit the response
response.flushBuffer();
}
public class Status {
private int code;
private String message;
public Status(int code, String message) {
this.code = code;
this.message = message;
}
public int getCode() {
return code;
}
public String getMessage() {
return message;
}
}
请注意,您需要
答案 1 :(得分:1)
您可以尝试添加控制器建议
@RestController
@ControllerAdvice
public class ExceptionHandlerController {
@ExceptionHandler(UsernameNotFoundException.class, DataAccessException.class)
@ResponseStatus(HttpStatus.SC_UNAUTHORIZED)
@ResponseBody ErrorInfo
UnauthorizeExceptionInfo(HttpServletRequest req, Exception ex) {
return new ErrorInfo(req.getRequestURL(), ex);
}
}
和ErrorInfo.class
@JsonIgnore
public final StringBuffer url;
public final String ex;
public ErrorInfo(StringBuffer stringBuffer, Exception ex) {
this.url = stringBuffer;
this.ex = ex.getLocalizedMessage();
}
当你抛出一个新的UsernameNotFoundException时,控制器将处理响应。
如果密码/电子邮件不匹配,我认为异常是从CustomUserDetailsService中的@Override public loadUserByUsername中抛出。
此处有更多详情:https://spring.io/blog/2013/11/01/exception-handling-in-spring-mvc