spring security 自定义token验证失败返回内容

重新开放
发布

您好:

我遇到了和http://andaily.com/blog/?dwqa-question=%E8%87%AA%E5%AE%9A%E4%B9%89token%E9%AA%8C%E8%AF%81%E5%A4%B1%E8%B4%A5%E8%BF%94%E5%9B%9E%E7%9A%84%E5%BC%82%E5%B8%B8%E4%BF%A1%E6%81%AF 这篇帖子中一样的问题(我想自定义token验证失败后返回的内容)

返回内容:

<oauth>
<error_description>Invalid access token: xxxxxx</error_description>
<error>invalid_token</error>
</oauth>
控制台日志:

[WEB][150715 13:18:20,826] [DEBUG] [http-nio-8080-exec-13] (OAuth2AuthenticationProcessingFilter.java:140) – Token not found in headers. Trying request parameters.

[WEB][150715 13:18:20,826] [DEBUG] [http-nio-8080-exec-13] (JdbcTemplate.java:637) – Executing prepared SQL query

[WEB][150715 13:18:20,827] [DEBUG] [http-nio-8080-exec-13] (JdbcTemplate.java:572) – Executing prepared SQL statement [select token_id, token from oauth_access_token where token_id = ?]

[WEB][150715 13:18:20,827] [DEBUG] [http-nio-8080-exec-13] (DataSourceUtils.java:110) – Fetching JDBC Connection from DataSource

[WEB][150715 13:18:20,836] [DEBUG] [http-nio-8080-exec-13] (DataSourceUtils.java:327) – Returning JDBC Connection to DataSource

[WEB][150715 13:18:20,838] [ INFO] [http-nio-8080-exec-13] (JdbcTokenStore.java:157) – Failed to find access token for token xxxxxx

[WEB][150715 13:18:20,838] [DEBUG] [http-nio-8080-exec-13] (OAuth2AuthenticationProcessingFilter.java:122) – Authentication request failed: error=”invalid_token”, error_description=”Invalid access token: 2bd”

[WEB][150715 13:18:20,839] [DEBUG] [http-nio-8080-exec-13] (HttpSessionSecurityContextRepository.java:300) – SecurityContext is empty or contents are anonymous – context will not be stored in HttpSession.

[WEB][150715 13:18:20,840] [DEBUG] [http-nio-8080-exec-13] (DefaultOAuth2ExceptionRenderer.java:101) – Written [error=”invalid_token”, error_description=”Invalid access token: 2bd”] as “application/xhtml+xml” using [org.springframework.security.oauth2.http.converter.jaxb.JaxbOAuth2ExceptionMessageConverter@4d8446fc]

[WEB][150715 13:18:20,840] [DEBUG] [http-nio-8080-exec-13] (HttpSessionSecurityContextRepository.java:300) – SecurityContext is empty or contents are anonymous – context will not be stored in HttpSession.

[WEB][150715 13:18:20,840] [DEBUG] [http-nio-8080-exec-13] (SecurityContextPersistenceFilter.java:97) – SecurityContextHolder now cleared, as request processing completed

然后我根据您在该帖子下面的回复

管理员 2015-06-23

朋友,需要自定义TOKEN的返回值, 你可以访问这文章
http://andaily.com/blog/?p=97
里面有接口你可以去扩展实现返回的内容及格式.

修改了相关内容,具体如下:

security.xml

<http pattern=“/v1/api/**” create-session=“never”

    entry-point-ref=“myBasicAuthenticationEntryPoint”

          access-decision-manager-ref=“oauth2AccessDecisionManager”>

        <anonymous enabled=“false”/>

        <access-denied-handler ref=“myAccessDeniedHandler”/>

<http-basic entry-point-ref=“myBasicAuthenticationEntryPoint” />

        <intercept-url pattern=“/v1/api/**” access=“ROLE_UNITY,SCOPE_READ”/>

        <custom-filter ref=“unityResourceServer” before=“PRE_AUTH_FILTER”/>

    </http>

<beans:bean id=“myAccessDeniedHandler”

                class=“com.test.security.handler.MyAccessDeniedHandler”/>

MyAccessDeniedHandler.java

public class MyAccessDeniedHandler implements AccessDeniedHandler {

@Override

public void handle(HttpServletRequest request, HttpServletResponse response,

AccessDeniedException accessDeniedException)

                throws IOException, ServletException {

response.getWriter().write(“myAccessDeniedHandler”);

response.getWriter().flush();

response.getWriter().close();

}

}

 希望得到您的解答.

 

3 答案

发布
andaily 管理员 2015-07-15

朋友,
你好.
其实你仔细看文章http://andaily.com/blog/?p=97你会发现图片中我的意思是要你去覆盖默认的对象,如DefaultWebResponseExceptionTranslator, DefaultOAuth2ExceptionRenderer等.
明白了吧, 需要自定义异常返回的数据格式时去检查里面默认如何实现,然后去修改返回.
而不是去覆盖OAuth2AccessDeniedHandler中的方法.
你去试试看.或者打断点查看在哪个类里处理的.

#1
  1. leohsu 管理员 2015-07-16
    首先对问题的排版十分抱歉,怎么发表出来排版成这个样子了. - - ! 我找到了最终处理的是DefaultOAuth2ExceptionRenderer,但是不知道如何去覆盖它,还希望能够指导.
发布
andaily 管理员 2015-07-16

第一,写个它的子类去覆盖默认的实现方法,没问题吧.
第二,配置到security.xml, 如下

<beans:bean id="oauth2AccessDeniedHandler"
class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler">
<beans:property name="exceptionRenderer" ref="custom_OAuth2ExceptionRenderer"/>
</beans:bean>
#2
  1. andailyandaily 管理员 andaily 2015-07-16
    custom_OAuth2ExceptionRenderer 就是你扩展覆盖默认的那个对象
发布
管理员 2015-08-19

有人解决了这个问题吗? 根据楼上的做法,还是实现不了阿 

#3
  1. andailyandaily 管理员 andaily 2015-09-23
    朋友, 你可以将问题添加到spring-oauth-sever的ISSUE中,提交一个ISSUE, 我将会花时间去解决处理.

请登录或者 注册 来提交答案