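I am trying to set up custom string messages with Spring WebFlux security for when login/logout succeeds or fails. The handlers are working, except for "authenticationFailureHandler". The documentation mentions "logoutSuccessUrl()", but it does not exist, and these handlers return a Mono
How can I return some string as the response, for example a string like "Invalid username or password" if authentication fails, or some JSON string? I tried to redirect to some action, but I couldn't do that with a void Mono.
Why is authenticationFailureHandler not working while all the other handlers do? Is that a bug?
- I tried redirecting with Mono.just("redirect:/some-url").then(), but it did nothing. For the response
You can find my full code here: https://github.com/iron2414/WebFluxAuth It is a modified version of the code from this article: https://medium.com/@mgray_94552/reactive-authorization-in-spring-security-943e6534aaeb
The security configuration is as follows: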
    return http
        .exceptionHandling()
            .accessDeniedHandler((swe, e) -> {
                System.out.println("ACCESS DENIED");
                return Mono.fromRunnable(() -> {
                    swe.getResponse().setStatusCode(HttpStatus.FORBIDDEN);
                });
            })
            .authenticationEntryPoint((swe, e) -> {
                System.out.println("AUTHENTICATION ENTRTY POINT");
                ServerHttpResponse response = swe.getResponse();
                return Mono.fromRunnable(() -> {
                    swe.getResponse().setStatusCode(HttpStatus.FORBIDDEN);
                });
            })
        .and()
        .authorizeExchange()
            .pathMatchers("/**").authenticated()
        .and()
        .formLogin()
            .authenticationFailureHandler(MyAuthenticationFailureHandler())
            .authenticationSuccessHandler(MyAuthenticationSuccessHandler()).and()
        .logout().logoutSuccessHandler(MyLogoutHandler())
        .and()
        .csrf()
            .disable()
        .build();
The loginFailure handler:
    @Bean
    public MyAuthenticationFailureHandler MyAuthenticationFailureHandler() {
        return new MyAuthenticationFailureHandler();
    }

    @Component
    public class MyAuthenticationFailureHandler implements ServerAuthenticationFailureHandler {
        @Override
        public Mono<Void> onAuthenticationFailure(WebFilterExchange webFilterExchange, AuthenticationException e) {
            //TODO redirect
            System.out.println("AUTHENTICATION FAILURE");
            return Mono.empty();
        }
    }
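Answer 0 (score: 0)
For the response, I had to use "RedirectServerAuthenticationSuccessHandler" for authentication success. And I created the exact same kind of class for failure.
The authentication failure handler not working is a known issue. To make it work, you have to set the login page. So I just updated it to the default "/login".
Answer 1 (score: 0)
I ran into the same problem and ended up handling it with a custom DefaultErrorWebExceptionHandler: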
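    import static org.springframework.http.MediaType.APPLICATION_JSON_UTF8;
    import static org.springframework.web.reactive.function.server.RequestPredicates.all;
    import static org.springframework.web.reactive.function.server.RouterFunctions.route;

    // ErrorRepresentation and AuthenticationFailureException are the poster's own
    // classes and are not shown. DefaultErrorWebExceptionHandler has no default
    // constructor, so a constructor delegating to super(...) is also required.
    @Component
    public class MyGlobalWebExceptionHandler extends DefaultErrorWebExceptionHandler {

        // Route every failed request through the JSON renderer below.
        @Override
        protected RouterFunction<ServerResponse> getRoutingFunction(ErrorAttributes errorAttributes) {
            return route(all(), this::renderErrorResponse);
        }

        @Override
        protected Mono<ServerResponse> renderErrorResponse(ServerRequest request) {
            ErrorRepresentation representation = createErrorRepresentation(request);
            return ServerResponse
                .status(representation.getError().getStatus())
                .contentType(APPLICATION_JSON_UTF8)
                .body(BodyInserters.fromObject(representation));
        }

        private ErrorRepresentation createErrorRepresentation(ServerRequest request) {
            boolean includeStackTrace = isIncludeStackTrace(request, MediaType.ALL);
            Map<String, Object> error = getErrorAttributes(request, includeStackTrace);
            Throwable throwable = getError(request);
            if (throwable instanceof AuthenticationException) {
                AuthenticationFailureException failureException = new AuthenticationFailureException(throwable.getMessage());
                return new ErrorRepresentation(failureException, error.get("path").toString());
            }
            // Other exception types still need a return value here; as posted,
            // the method does not compile without one.
        }
    }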
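For the question's original goal, a string or JSON body on failed login, the failure handler can write to the response itself instead of redirecting. The class below is an added example, not code from the question or either answer; the class name and the JSON shape are assumptions.

```java
import java.nio.charset.StandardCharsets;

import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.server.reactive.ServerHttpResponse;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.server.WebFilterExchange;
import org.springframework.security.web.server.authentication.ServerAuthenticationFailureHandler;
import reactor.core.publisher.Mono;

// Hypothetical class name; replaces the "//TODO redirect" stub with a JSON reply.
public class JsonAuthenticationFailureHandler implements ServerAuthenticationFailureHandler {

    // One fixed message for every failure cause (unknown user, bad password,
    // locked account). Echoing e.getMessage() would tell a client which check
    // failed and lets it distinguish valid usernames from invalid ones.
    private static final byte[] BODY =
            "{\"error\":\"Invalid username or password\"}".getBytes(StandardCharsets.UTF_8);

    @Override
    public Mono<Void> onAuthenticationFailure(WebFilterExchange webFilterExchange,
                                              AuthenticationException e) {
        ServerHttpResponse response = webFilterExchange.getExchange().getResponse();

        // Status and headers must be set before the body is written;
        // once the response is committed they can no longer change.
        response.setStatusCode(HttpStatus.UNAUTHORIZED);
        response.getHeaders().setContentType(MediaType.APPLICATION_JSON);

        // writeWith returns the Mono<Void> the handler contract expects.
        // The buffer is created lazily, only when the response is subscribed.
        return response.writeWith(
                Mono.fromSupplier(() -> response.bufferFactory().wrap(BODY)));
    }
}
```

It is registered through the same .formLogin().authenticationFailureHandler(...) call used in the question's configuration; per answer 0, the login page also has to be set for the handler to be invoked.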