当用户帐户被禁用时,我试图让Spring Security返回带有定制消息的401响应。
我已经从验证尝试中抛出了想要的DisabledException,但似乎无法将DisabledException传达给发送我的REST HTTP错误的AuthenticationEntryPoint
为什么AuthenticationException中的AuthErrorHandler与JwtAuthenticationFilter中抛出的数字为何?
class JwtAuthenticationFilter(authManager: AuthenticationManager) : UsernamePasswordAuthenticationFilter() {
[...]
override fun unsuccessfulAuthentication(request: HttpServletRequest, response: HttpServletResponse, failed: AuthenticationException) {
if (failed is DisabledException) {
// The HTTP status goes through successfully, but not the message
response.sendError(480, "I'm not received on the other end.")
} else {
super.unsuccessfulAuthentication(request, response, failed)
}
}
}
class AuthErrorHandler : AuthenticationEntryPoint {
@Throws(IOException::class, ServletException::class)
override fun commence(request: HttpServletRequest, response: HttpServletResponse, authException: AuthenticationException) {
if (response.status != 480) {
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, authException.message)
}
// Else we've already sent the proper error
}
}
有没有一种方法可以发送有用的消息,或者更合适的方法呢?