您好:
我遇到了和http://andaily.com/blog/?dwqa-question=%E8%87%AA%E5%AE%9A%E4%B9%89token%E9%AA%8C%E8%AF%81%E5%A4%B1%E8%B4%A5%E8%BF%94%E5%9B%9E%E7%9A%84%E5%BC%82%E5%B8%B8%E4%BF%A1%E6%81%AF 这篇帖子中一样的问题(我想自定义token验证失败后返回的内容)
返回内容:
<oauth><error_description>Invalid access token: xxxxxx</error_description><error>invalid_token</error></oauth>
[WEB][150715 13:18:20,826] [DEBUG] [http-nio-8080-exec-13] (OAuth2AuthenticationProcessingFilter.java:140) – Token not found in headers. Trying request parameters.
[WEB][150715 13:18:20,826] [DEBUG] [http-nio-8080-exec-13] (JdbcTemplate.java:637) – Executing prepared SQL query
[WEB][150715 13:18:20,827] [DEBUG] [http-nio-8080-exec-13] (JdbcTemplate.java:572) – Executing prepared SQL statement [select token_id, token from oauth_access_token where token_id = ?]
[WEB][150715 13:18:20,827] [DEBUG] [http-nio-8080-exec-13] (DataSourceUtils.java:110) – Fetching JDBC Connection from DataSource
[WEB][150715 13:18:20,836] [DEBUG] [http-nio-8080-exec-13] (DataSourceUtils.java:327) – Returning JDBC Connection to DataSource
[WEB][150715 13:18:20,838] [ INFO] [http-nio-8080-exec-13] (JdbcTokenStore.java:157) – Failed to find access token for token xxxxxx
[WEB][150715 13:18:20,838] [DEBUG] [http-nio-8080-exec-13] (OAuth2AuthenticationProcessingFilter.java:122) – Authentication request failed: error=”invalid_token”, error_description=”Invalid access token: 2bd”
[WEB][150715 13:18:20,839] [DEBUG] [http-nio-8080-exec-13] (HttpSessionSecurityContextRepository.java:300) – SecurityContext is empty or contents are anonymous – context will not be stored in HttpSession.
[WEB][150715 13:18:20,840] [DEBUG] [http-nio-8080-exec-13] (DefaultOAuth2ExceptionRenderer.java:101) – Written [error=”invalid_token”, error_description=”Invalid access token: 2bd”] as “application/xhtml+xml” using [org.springframework.security.oauth2.http.converter.jaxb.JaxbOAuth2ExceptionMessageConverter@4d8446fc]
[WEB][150715 13:18:20,840] [DEBUG] [http-nio-8080-exec-13] (HttpSessionSecurityContextRepository.java:300) – SecurityContext is empty or contents are anonymous – context will not be stored in HttpSession.
[WEB][150715 13:18:20,840] [DEBUG] [http-nio-8080-exec-13] (SecurityContextPersistenceFilter.java:97) – SecurityContextHolder now cleared, as request processing completed
然后我根据您在该帖子下面的回复
朋友,需要自定义TOKEN的返回值, 你可以访问这文章
http://andaily.com/blog/?p=97
里面有接口你可以去扩展实现返回的内容及格式.
修改了相关内容,具体如下:
security.xml
<http pattern=“/v1/api/**” create-session=“never”
entry-point-ref=“myBasicAuthenticationEntryPoint”
access-decision-manager-ref=“oauth2AccessDecisionManager”>
<anonymous enabled=“false”/>
<access-denied-handler ref=“myAccessDeniedHandler”/>
<http-basic entry-point-ref=“myBasicAuthenticationEntryPoint” />
<intercept-url pattern=“/v1/api/**” access=“ROLE_UNITY,SCOPE_READ”/>
<custom-filter ref=“unityResourceServer” before=“PRE_AUTH_FILTER”/>
</http>
<beans:bean id=“myAccessDeniedHandler”
class=“com.test.security.handler.MyAccessDeniedHandler”/>
MyAccessDeniedHandler.java
public class MyAccessDeniedHandler implements AccessDeniedHandler {
@Override
public void handle(HttpServletRequest request, HttpServletResponse response,
AccessDeniedException accessDeniedException)
throws IOException, ServletException {
response.getWriter().write(“myAccessDeniedHandler”);
response.getWriter().flush();
response.getWriter().close();
}
}
希望得到您的解答.