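How do I handle a custom exception in a Spring Boot REST filter method?

Question (votes: 0, answers: 1)

I want to add a custom exception handler in the WebSecurityConfigurerAdapter filter method.

I am using a custom filter to get the authorization API key from the current request. That API key is then matched against the stored API key. If the API key does not match, I want to show a custom exception saying "Invalid API key", or, if no API key is provided, "API key not found in authorization header".

How can I throw a custom notification as a BadCredentialsException when the API key does not match?

My SpringSecurityConfig class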

package com.nil.springjpa.security;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.access.ExceptionTranslationFilter;

import com.nil.springjpa.exceptions.BadCredentialsException;

@Configuration
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private AuthenticationEntryPoint authEntryPoint;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        System.out.println("1st");

        /*
         * http.csrf().disable().authorizeRequests() .anyRequest().authenticated()
         * .and().httpBasic() .authenticationEntryPoint(authEntryPoint);
         */

        PreAuthTokenHeaderFilter filter = new PreAuthTokenHeaderFilter("Authorization");

        filter.setAuthenticationManager(new AuthenticationManager() {
            @Override
            public Authentication authenticate(Authentication authentication) throws AuthenticationException {

                String principal = (String) authentication.getPrincipal();
                String authHeaderValue = "123xyz";
                System.out.println("5th" + principal);
                if (!authHeaderValue.equals(principal)) {
                    System.out.println("5th" + principal);
                    throw new BadCredentialsException("API Key not matched");
                }
                authentication.setAuthenticated(true);
                return authentication;
            }
        });

        http.csrf().disable().addFilter(filter)
                .addFilterBefore(new ExceptionTranslationFilter(authEntryPoint), filter.getClass()).authorizeRequests()
                .anyRequest().authenticated();

        /*
         * http.csrf().disable().authorizeRequests() .anyRequest().authenticated()
         * .and().httpBasic() .authenticationEntryPoint(authEntryPoint);
         */

    }

}
spring-boot authorization servlet-filters
1 answer
0 votes

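Use ControllerAdvice.

import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.RequestMapping;

@ControllerAdvice
@RequestMapping(produces = "application/json")
public class CentralExceptionHandler {

    // handle custom exceptions
}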
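
Added example (not from the question or the answer): because a servlet filter runs before the request reaches a controller, one way to return the two messages from the question is for the filter to write the 401 response itself. `ApiKeyFilter`, the constructor-supplied key and the `api-client` principal name are assumptions, and `BadCredentialsException` here is Spring Security's own class, not the asker's `com.nil.springjpa.exceptions` one.

```java
// Added example, not the asker's code. ApiKeyFilter and the constructor-supplied
// expected key are assumptions; uses javax.servlet (Spring Security 5.x era).
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
import org.springframework.web.filter.OncePerRequestFilter;

public class ApiKeyFilter extends OncePerRequestFilter {
    private final byte[] expectedKey; // load from configuration or a secret store, not source code

    public ApiKeyFilter(String expectedKey) {
        this.expectedKey = expectedKey.getBytes(StandardCharsets.UTF_8);
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
            FilterChain chain) throws ServletException, IOException {
        try {
            String presented = request.getHeader("Authorization");
            if (presented == null || presented.trim().isEmpty()) {
                throw new BadCredentialsException("API key not found in authorization header");
            }
            // MessageDigest.isEqual does not stop at the first differing byte, unlike String.equals.
            if (!MessageDigest.isEqual(expectedKey, presented.getBytes(StandardCharsets.UTF_8))) {
                throw new BadCredentialsException("Invalid API key");
            }
            // The three-argument constructor marks the token as authenticated.
            SecurityContextHolder.getContext().setAuthentication(
                    new PreAuthenticatedAuthenticationToken("api-client", "N/A", AuthorityUtils.NO_AUTHORITIES));
        } catch (AuthenticationException ex) {
            SecurityContextHolder.clearContext();
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            response.setContentType("application/json;charset=UTF-8");
            // The messages are the fixed literals above, so no JSON escaping is needed here.
            response.getWriter().write("{\"error\":\"" + ex.getMessage() + "\"}");
            return; // do not continue the chain for a rejected request
        }
        chain.doFilter(request, response);
    }
}
```

Register it in `configure(HttpSecurity http)` with `http.addFilterBefore(new ApiKeyFilter(key), UsernamePasswordAuthenticationFilter.class)`, where `key` is read from configuration.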