Spring Security: customizing the content returned when token validation fails
leohsu (administrator) asked 9 years ago

Hello,

I have run into the same problem as in this post: http://andaily.com/blog/?dwqa-question=%E8%87%AA%E5%AE%9A%E4%B9%89token%E9%AA%8C%E8%AF%81%E5%A4%B1%E8%B4%A5%E8%BF%94%E5%9B%9E%E7%9A%84%E5%BC%82%E5%B8%B8%E4%BF%A1%E6%81%AF (I want to customize the content returned after token validation fails).

Response content:

<oauth>
<error_description>Invalid access token: xxxxxx</error_description>
<error>invalid_token</error>
</oauth>

Console log:

[WEB][150715 13:18:20,826] [DEBUG] [http-nio-8080-exec-13] (OAuth2AuthenticationProcessingFilter.java:140) - Token not found in headers. Trying request parameters.
[WEB][150715 13:18:20,826] [DEBUG] [http-nio-8080-exec-13] (JdbcTemplate.java:637) - Executing prepared SQL query
[WEB][150715 13:18:20,827] [DEBUG] [http-nio-8080-exec-13] (JdbcTemplate.java:572) - Executing prepared SQL statement [select token_id, token from oauth_access_token where token_id = ?]
[WEB][150715 13:18:20,827] [DEBUG] [http-nio-8080-exec-13] (DataSourceUtils.java:110) - Fetching JDBC Connection from DataSource
[WEB][150715 13:18:20,836] [DEBUG] [http-nio-8080-exec-13] (DataSourceUtils.java:327) - Returning JDBC Connection to DataSource
[WEB][150715 13:18:20,838] [ INFO] [http-nio-8080-exec-13] (JdbcTokenStore.java:157) - Failed to find access token for token xxxxxx
[WEB][150715 13:18:20,838] [DEBUG] [http-nio-8080-exec-13] (OAuth2AuthenticationProcessingFilter.java:122) - Authentication request failed: error="invalid_token", error_description="Invalid access token: 2bd"
[WEB][150715 13:18:20,839] [DEBUG] [http-nio-8080-exec-13] (HttpSessionSecurityContextRepository.java:300) - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
[WEB][150715 13:18:20,840] [DEBUG] [http-nio-8080-exec-13] (DefaultOAuth2ExceptionRenderer.java:101) - Written [error="invalid_token", error_description="Invalid access token: 2bd"] as "application/xhtml+xml" using [org.springframework.security.oauth2.http.converter.jaxb.JaxbOAuth2ExceptionMessageConverter@4d8446fc]
[WEB][150715 13:18:20,840] [DEBUG] [http-nio-8080-exec-13] (HttpSessionSecurityContextRepository.java:300) - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
[WEB][150715 13:18:20,840] [DEBUG] [http-nio-8080-exec-13] (SecurityContextPersistenceFilter.java:97) - SecurityContextHolder now cleared, as request processing completed

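Then, following your reply under that post:

Administrator 2015-06-23

Friend, to customize the TOKEN return value, you can visit this article:
http://andaily.com/blog/?p=97
It has interfaces that you can extend to implement the returned content and format.

I modified the relevant parts, as follows: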

security.xml

<http pattern="/v1/api/**" create-session="never"
      entry-point-ref="myBasicAuthenticationEntryPoint"
      access-decision-manager-ref="oauth2AccessDecisionManager">
    <anonymous enabled="false"/>
    <access-denied-handler ref="myAccessDeniedHandler"/>
    <http-basic entry-point-ref="myBasicAuthenticationEntryPoint"/>
    <intercept-url pattern="/v1/api/**" access="ROLE_UNITY,SCOPE_READ"/>
    <custom-filter ref="unityResourceServer" before="PRE_AUTH_FILTER"/>
</http>

<beans:bean id="myAccessDeniedHandler"
            class="com.test.security.handler.MyAccessDeniedHandler"/>

MyAccessDeniedHandler.java

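import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;

public class MyAccessDeniedHandler implements AccessDeniedHandler {

    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response,
                       AccessDeniedException accessDeniedException)
            throws IOException, ServletException {
        // Write a fixed marker string as the response body
        response.getWriter().write("myAccessDeniedHandler");
        response.getWriter().flush();
        response.getWriter().close();
    }
}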

I hope you can help with an answer.
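
Added example, not part of the original post or of the project's code: the console log shows the request being rejected inside OAuth2AuthenticationProcessingFilter and rendered by DefaultOAuth2ExceptionRenderer, so the body is produced by that filter's authentication entry point rather than by an access-denied handler. The sketch below is a custom entry point for that path which also avoids echoing the submitted token back to the caller. The class name `MyTokenEntryPoint`, the bean id `myTokenEntryPoint`, and the assumption that `unityResourceServer` is declared with `<oauth2:resource-server>` are hypothetical, since the post does not show that declaration.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;

// Hypothetical class name, not from the post.
// OAuth2AuthenticationProcessingFilter passes a failed token lookup to its
// AuthenticationEntryPoint; an AccessDeniedHandler is only reached later in the
// chain, for a caller that authenticated but lacks the required authority.
public class MyTokenEntryPoint implements AuthenticationEntryPoint {

    // Fixed body: the token the client sent is deliberately not reflected in the
    // response, unlike the default "Invalid access token: <value>" description.
    private static final String BODY =
            "{\"error\":\"invalid_token\","
            + "\"error_description\":\"Access token is invalid or expired\"}";

    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response,
                         AuthenticationException authException)
            throws IOException, ServletException {
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        // Bearer challenge as defined by RFC 6750 for an invalid token
        response.setHeader("WWW-Authenticate", "Bearer error=\"invalid_token\"");
        response.setHeader("Cache-Control", "no-store");
        response.setContentType("application/json;charset=UTF-8");
        response.getWriter().write(BODY);
    }
}

// Wiring (assumption: unityResourceServer is an <oauth2:resource-server> element;
// "..." stands for the attributes it already has, which the post does not show):
//
//   <beans:bean id="myTokenEntryPoint" class="com.test.security.handler.MyTokenEntryPoint"/>
//   <oauth2:resource-server id="unityResourceServer" ...
//                           entry-point-ref="myTokenEntryPoint"/>
//
// If the filter is declared as a plain bean instead, the equivalent is
// OAuth2AuthenticationProcessingFilter.setAuthenticationEntryPoint(...).
```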