AuthenticationEntryPoint

时间:2018-08-28 00:11:21

标签: java spring spring-boot spring-security kotlin

当用户帐户被禁用时,我试图让Spring Security返回带有定制消息的401响应。

我已经从验证尝试中抛出了想要的DisabledException,但似乎无法将DisabledException传达给发送我的REST HTTP错误的AuthenticationEntryPoint

为什么AuthenticationException中的AuthErrorHandlerJwtAuthenticationFilter中抛出的数字为何?

class JwtAuthenticationFilter(authManager: AuthenticationManager) : UsernamePasswordAuthenticationFilter() {
    [...]
    override fun unsuccessfulAuthentication(request: HttpServletRequest, response: HttpServletResponse, failed: AuthenticationException) {
        if (failed is DisabledException) {
            // The HTTP status goes through successfully, but not the message
            response.sendError(480, "I'm not received on the other end.")
        } else {
            super.unsuccessfulAuthentication(request, response, failed)
        }
    }
}
class AuthErrorHandler : AuthenticationEntryPoint {
    @Throws(IOException::class, ServletException::class)
    override fun commence(request: HttpServletRequest, response: HttpServletResponse, authException: AuthenticationException) {
        if (response.status != 480) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, authException.message)
        }
        // Else we've already sent the proper error
    }
}

有没有一种方法可以发送有用的消息,或者更合适的方法呢?

0 个答案:

没有答案