我对Spring MVC相对较新,我目前需要为Web服务包含一个身份验证拦截器。如果身份验证失败,我需要拦截器抛出一个AccessForbiddenException,如果它通过则返回true。我还创建了一个AuthenticationExceptionController来捕获异常并返回一个带有HttpStatus的ResponseEntity。但是,当我遇到内部错误500并且我怀疑它是由于AuthenticationExceptionController无法捕获异常。以下是我的代码。关于我如何解决它的任何建议?
AuthenticationInterceptor.java
package path.controller;
public class AuthenticationInterceptor implements HandlerInterceptor {
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
// handle the authentication check
if(authentication fails) {
throw new AccessForbiddenException("access forbidden");
}
return true;
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
}
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
throws Exception {
}
}
AccessForbiddenException.java
package path.controller;
public class AccessForbiddenException extends RunTimeException{
public AccessForbiddenException(String message) {
super(message);
}
}
AuthenticationExceptionController.java
package path.controller;
@ControllerAdvice
public class AuthenticationExceptionController {
@ExceptionHandler(AccessForbiddenException.class)
public ResponseEntity<?> handleException(AccessForbiddenException e) {
return new ResponseEntity<String>(e.getMessage(), HttpStatus.FORBIDDEN);
}
}
根context.xml中
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx.xsd">
<context:annotation-config />
<bean id="contextApplicationContextProvider" class="path.context.provider.ApplicationContextProvider"></bean>
<context:property-placeholder location="classpath:application.properties" />
<context:component-scan base-package="path.**" />
</beans>
servlet的context.xml中
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/mvc"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">
<context:property-placeholder location="classpath:application.properties" />
<context:annotation-config />
<annotation-driven />
<view-controller path="" view-name="index.html" />
<resources mapping="**" location="/" />
<beans:bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<beans:property name="prefix" value="/" />
<beans:property name="suffix" value="" />
</beans:bean>
<interceptors>
<interceptor>
<mapping path="/**" />
<exclude-mapping path="/login"/>
<exclude-mapping path="/authenticate"/>
<beans:bean class="path.controller.AuthenticationInterceptor" />
</interceptor>
</interceptors>
<context:component-scan base-package="path" use-default-filters="false">
<context:include-filter expression="path.Controller" type="annotation" />
</context:component-scan>
</beans:beans>
答案 0 :(得分:0)
@ControllerAdvice仅捕获在控制器级别引发的异常。
因此,如果在控制器调用之前在auth级别抛出异常,那么它是徒劳的。
相反,您可以尝试在auth之前添加过滤器并捕获过滤器中的异常。