我想在WebSecurityConfigurerAdapter过滤器方法中添加自定义异常处理程序。
我正在使用自定义过滤器从当前请求的Authorization标头中获取API密钥,然后将该API密钥与存储的API密钥进行比对。如果API密钥不匹配,我希望抛出自定义异常并提示“无效的API密钥”;如果请求中未提供API密钥,则提示“在授权标头中找不到API密钥”。
当API密钥不匹配时,如何抛出带有自定义消息的BadCredentialsException?
我的SpringSecurityConfig类
package com.nil.springjpa.security;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.access.ExceptionTranslationFilter;

import com.nil.springjpa.exceptions.BadCredentialsException;
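/**
 * Spring Security configuration that authenticates requests by an API key read from the
 * {@code Authorization} header.
 *
 * <p>NOTE(review): {@code PreAuthTokenHeaderFilter}, the injected {@code AuthenticationEntryPoint}
 * and the project's own {@code BadCredentialsException} are declared outside this listing, so the
 * remarks about them below are assumptions to confirm.
 */
@Configuration
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    // NOTE(review): a key compiled into the class ends up in source control and build artifacts.
    // Load it from externalized configuration or a secret store instead of a literal.
    private static final String EXPECTED_API_KEY = "123xyz";

    @Autowired
    private AuthenticationEntryPoint authEntryPoint;

    /**
     * Registers the API-key filter and requires authentication for every request.
     *
     * @param http the security builder supplied by Spring
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        System.out.println("1st");

        // An earlier HTTP Basic variant (httpBasic().authenticationEntryPoint(authEntryPoint))
        // was left commented out here in the original listing.
        PreAuthTokenHeaderFilter filter = new PreAuthTokenHeaderFilter("Authorization");
        filter.setAuthenticationManager(new AuthenticationManager() {
            @Override
            public Authentication authenticate(Authentication authentication) throws AuthenticationException {
                Object presented = authentication.getPrincipal();
                // Trace marker only: the presented key is a credential and must not be written
                // to stdout or any log.
                System.out.println("5th");
                // A missing or non-String principal is rejected the same way as a wrong key
                // instead of failing with a ClassCastException.
                if (!(presented instanceof String) || !apiKeyMatches((String) presented)) {
                    // NOTE(review): this is the project's BadCredentialsException, not Spring's.
                    // ExceptionTranslationFilter only translates AuthenticationException and
                    // AccessDeniedException, so the project class has to extend
                    // AuthenticationException for the entry point to see it - confirm.
                    throw new BadCredentialsException("API Key not matched");
                }
                authentication.setAuthenticated(true);
                return authentication;
            }
        });

        // NOTE(review): if PreAuthTokenHeaderFilter extends AbstractPreAuthenticatedProcessingFilter,
        // the base class catches AuthenticationException itself and by default lets the chain
        // continue, so the message above never reaches authEntryPoint;
        // setContinueFilterChainOnUnsuccessfulAuthentication(false) makes it rethrow - confirm
        // against the filter's source.
        // NOTE(review): CSRF protection is disabled. That fits a header-only API key only while no
        // session cookie can authenticate a request; consider SessionCreationPolicy.STATELESS and
        // confirm how the filter stores the authenticated context.
        http.csrf().disable()
                .addFilter(filter)
                .addFilterBefore(new ExceptionTranslationFilter(authEntryPoint), filter.getClass())
                .authorizeRequests()
                .anyRequest().authenticated();
    }

    /**
     * Compares a presented key with the expected key using {@link MessageDigest#isEqual}, so the
     * comparison does not stop at the first differing byte and response timing does not reveal
     * how much of the key matched.
     *
     * @param presentedKey the key taken from the request; must not be {@code null}
     * @return {@code true} when both keys have identical UTF-8 bytes
     */
    private static boolean apiKeyMatches(String presentedKey) {
        return MessageDigest.isEqual(
                EXPECTED_API_KEY.getBytes(StandardCharsets.UTF_8),
                presentedKey.getBytes(StandardCharsets.UTF_8));
    }
}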
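使用ControllerAdvice。注意:@ControllerAdvice只处理在DispatcherServlet(控制器层)内抛出的异常;在Spring Security过滤器链中抛出的异常不会到达它,需要由AuthenticationEntryPoint生成响应,或者在过滤器中捕获异常后委托给HandlerExceptionResolver处理。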
/**
 * Holder for application-wide exception handlers; the listing shows no handler methods yet.
 *
 * <p>{@code @ControllerAdvice} applies to exceptions raised while {@code DispatcherServlet} is
 * handling a request. An exception thrown from a servlet filter, including the Spring Security
 * filter chain, is raised before dispatch and is not routed to this class; such failures are
 * answered by the configured {@code AuthenticationEntryPoint} unless a filter explicitly
 * delegates to a {@code HandlerExceptionResolver}.
 */
@ControllerAdvice
@RequestMapping(produces = "application/json")
public class CentralExceptionHandler {
// handle custom exceptions
// NOTE(review): keep error bodies generic for authentication failures (for example, do not echo
// the presented API key or say which part of it was wrong).
}