我想为禁止的错误创建自定义错误消息。我试过了:
Spring安全配置:] >>
]@Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private JwtTokenProvider jwtTokenProvider; @Override protected void configure(HttpSecurity http) throws Exception { // Disable CSRF (cross site request forgery) http.csrf().disable(); // No session will be created or used by spring security http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); // Entry points http.authorizeRequests()// .antMatchers("/users/signin").permitAll()// .antMatchers("/users/signup").permitAll()// .antMatchers("/h2-console/**/**").permitAll() // Disallow everything else.. .anyRequest().authenticated(); // If a user try to access a resource without having enough permissions http.exceptionHandling().accessDeniedHandler(accessDeniedHandler()); // Apply JWT http.apply(new JwtTokenFilterConfigurer(jwtTokenProvider)); // Optional, if you want to test the API from a browser // http.httpBasic(); } @Override public void configure(WebSecurity web) throws Exception { // Allow swagger to be accessed without authentication web.ignoring().antMatchers("/v2/api-docs")// .antMatchers("/swagger-resources/**")// .antMatchers("/swagger-ui.html")// .antMatchers("/configuration/**")// .antMatchers("/webjars/**")// .antMatchers("/public") // Un-secure H2 Database (for testing purposes, H2 console shouldn't be unprotected in production) .and() .ignoring() .antMatchers("/h2-console/**/**"); } @Bean public PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(12); } // @Override // @Bean // public AuthenticationManager authenticationManagerBean() throws Exception { // return super.authenticationManagerBean(); // } @Bean public AccessDeniedHandler accessDeniedHandler() { return new CustomAccessDeniedHandler(); } }
自定义处理程序:
public class CustomAccessDeniedHandler implements AccessDeniedHandler { public static final Logger LOG = LoggerFactory.getLogger(CustomAccessDeniedHandler.class); @Override public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException exc) throws IOException, ServletException { response.setStatus(HttpStatus.UNAUTHORIZED.value()); String jsonPayload = "{\"messffffffage\" : \"%s\", \"timestamp\" : \"%s\" }"; response.getOutputStream().println(String.format(jsonPayload, exc.getMessage(), Calendar.getInstance().getTime())); } }
但是我得到默认的错误信息:
{ "timestamp": "2020-06-09T21:23:32.528+00:00", "status": 403, "error": "Forbidden", "message": "", "path": "/engine/users/request" }
您知道我如何正确实现处理程序吗?
我想为禁止的错误创建自定义错误消息。我尝试了这个:春季安全配置:@Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true)public ...
我最近有一个类似的问题,我认为您可以这样实现您想要的目标:
只需添加AuthenticationEntryPoint