我的应用程序正在使用Spring Security来验证传入的Endpoint调用。我试图在XwsSecurityInterceptor中出现任何问题时给客户端特定的错误代码,但我还没有找到一种方法来执行此操作。
这是我尝试过的:我使用的是从XwsSecurityInterceptor继承的EndpointInterceptor:
<bean name="myInterceptor" id="myInterceptor" class="x.y.MyPreAuthenticationSecurityInterceptor">
<property name="policyConfiguration" value="classpath:/security.xml" />
<property name="callbackHandlers">
<list>
<bean id="myCallbackHandler" class="x.y.MyCallbackHandler" />
</list>
</property>
</bean>
拦截器有一个处理PasswordValidationCallbacks的CallbackHandler'myCallbackHandler'。为了测试每个回调的目的,它会附加一个验证器,它会立即抛出某个异常(CustomException)并带有一定的错误代码:
@Override
protected void handleInternal(Callback callback) throws IOException, UnsupportedCallbackException {
if (callback instanceof PasswordValidationCallback) {
PasswordValidationCallback validationCallback = (PasswordValidationCallback) callback;
if (validationCallback.getRequest() instanceof PasswordValidationCallback.PlainTextPasswordRequest) {
validationCallback.setValidator(new MyValidator());
return;
}
} else if (callback instanceof CleanupCallback) {
SecurityContextHolder.clearContext();
return;
}
throw new UnsupportedCallbackException(callback);
}
private class MyValidator implements PasswordValidationCallback.PasswordValidator {
public boolean validate(PasswordValidationCallback.Request request) throws PasswordValidationCallback.PasswordValidationException
{
throw new PasswordValidationCallback.PasswordValidationException("test", new CustomException("some error code"));
}
}
如https://docs.spring.io/spring-ws/site/reference/html/security.html第7.2.5节所述,异常处理在handleValidationException方法中完成。
在'MyPreAuthenticationSecurityInterceptor'中,我重写了handleValidationException方法:
@Override
public boolean handleValidationException(WsSecurityValidationException ex, MessageContext messageContext) {
if (logger.isWarnEnabled()) {
logger.warn("Could not validate request: " + ex.getMessage());
}
return false;
}
问题是在调试时我无法在WsSecurityValidationException中找到我的CustomException。根本原因是'com.sun.xml.wss.XWSSecurityException:用户名密码对无效'。
我是以错误的方式解决这个问题吗?