Author: Java Cultivator (WeChat official account: Java Cultivator)

In client or website development, having every interface call return a unified response body lets callers be written against a single format, and keeps the code structure and layering clearer.

Default exception response

When login or authentication fails in Spring Security OAuth2, the following exception information is returned by default:

{
  "error": "unauthorized",
  "error_description": "Full authentication is required to access this resource"
}

This is inconsistent with the format of the responses we return elsewhere. To change the format of this response, you need to override the relevant exception handling classes. What I am unifying here is the response format of the resource server (gateway).

Custom exception response

Overriding the invalid-token exception handler

Create AuthExceptionEntryPoint.java

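import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.http.HttpStatus;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.stereotype.Component;

// ResultJsonUtil and the Response*Constant classes are the project's own
// helpers; import them from wherever they live in your code base.
@Component
public class AuthExceptionEntryPoint implements AuthenticationEntryPoint {

    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response,
                         AuthenticationException authException) throws ServletException {
        Throwable cause = authException.getCause();
        // The HTTP status stays 200; the failure is signalled by the code in the JSON body.
        response.setStatus(HttpStatus.OK.value());
        response.setHeader("Content-Type", "application/json;charset=UTF-8");
        try {
            if (cause instanceof InvalidTokenException) {
                // A token was sent but rejected as invalid.
                response.getWriter().write(ResultJsonUtil.build(
                        ResponseCodeConstant.REQUEST_FAILED,
                        ResponseStatusCodeConstant.OAUTH_TOKEN_FAILURE,
                        ResponseMessageConstant.OAUTH_TOKEN_ILLEGAL));
            } else {
                // Any other authentication failure is reported as a missing token.
                response.getWriter().write(ResultJsonUtil.build(
                        ResponseCodeConstant.REQUEST_FAILED,
                        ResponseStatusCodeConstant.OAUTH_TOKEN_MISSING,
                        ResponseMessageConstant.OAUTH_TOKEN_MISSING));
            }
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}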

Overriding the insufficient-permission exception handler

Create CustomAccessDeniedHandler.java

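import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.http.HttpStatus;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.stereotype.Component;

// ResultJsonUtil and the Response*Constant classes are the project's own helpers.
@Component("customAccessDeniedHandler")
public class CustomAccessDeniedHandler implements AccessDeniedHandler {

    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response,
                       AccessDeniedException accessDeniedException)
            throws IOException, ServletException {
        // The HTTP status stays 200; the denial is signalled by the code in the JSON body.
        response.setStatus(HttpStatus.OK.value());
        response.setHeader("Content-Type", "application/json; charset=UTF-8");
        try {
            response.getWriter().write(ResultJsonUtil.build(
                    ResponseCodeConstant.REQUEST_FAILED,
                    ResponseStatusCodeConstant.OAUTH_TOKEN_DENIED,
                    ResponseMessageConstant.OAUTH_TOKEN_DENIED));
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}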

Setting the exception handling classes in the resource configuration class

Modify the resource configuration class ResourceServerConfiguration.java

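// customTokenExtractor, authExceptionEntryPoint and customAccessDeniedHandler
// are beans injected into this configuration class.
@Override
public void configure(ResourceServerSecurityConfigurer resources) {
    resources.tokenExtractor(customTokenExtractor);
    // Register both custom handlers so the resource server uses the unified format.
    resources.authenticationEntryPoint(authExceptionEntryPoint)
            .accessDeniedHandler(customAccessDeniedHandler);
}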

Custom response tests
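
One way to check the two branches of AuthExceptionEntryPoint without starting the server, as an added example that is not code from the original post. It assumes JUnit 5 and spring-test on the test classpath, that the test sits in the same package as AuthExceptionEntryPoint, and that ResultJsonUtil.build produces different JSON for the two status constants; the request path and exception messages are constructed sample values.

```java
import org.junit.jupiter.api.Test;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;

import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertNotEquals;
import static org.junit.jupiter.api.Assertions.assertTrue;

// Added example: assumes the same package as AuthExceptionEntryPoint.
class AuthExceptionEntryPointTest {

    private final AuthExceptionEntryPoint entryPoint = new AuthExceptionEntryPoint();

    // Runs the entry point against mock servlet objects and returns the response.
    private MockHttpServletResponse commence(AuthenticationException ex) throws Exception {
        MockHttpServletResponse response = new MockHttpServletResponse();
        // "/api/demo" is a constructed path; the entry point does not inspect it.
        entryPoint.commence(new MockHttpServletRequest("GET", "/api/demo"), response, ex);
        return response;
    }

    @Test
    void invalidAndMissingTokenGetDifferentUnifiedBodies() throws Exception {
        // Constructed input: a rejected token, carried as the cause that commence() checks.
        AuthenticationException invalid = new InsufficientAuthenticationException(
                "Invalid access token", new InvalidTokenException("Invalid access token"));
        // Constructed input: no token at all, so there is no cause.
        AuthenticationException missing = new InsufficientAuthenticationException(
                "Full authentication is required to access this resource");

        MockHttpServletResponse invalidResp = commence(invalid);
        MockHttpServletResponse missingResp = commence(missing);

        for (MockHttpServletResponse resp : new MockHttpServletResponse[] {invalidResp, missingResp}) {
            assertEquals(200, resp.getStatus()); // status is always 200 by design
            assertTrue(resp.getHeader("Content-Type").startsWith("application/json"));
            // The default Spring Security OAuth2 body must no longer appear.
            assertFalse(resp.getContentAsString().contains("error_description"));
        }
        // Assumption: the two status constants serialize to different bodies.
        assertNotEquals(invalidResp.getContentAsString(), missingResp.getContentAsString());
    }
}
```

Because both handlers always answer with HTTP 200, the JSON body is the only signal of an authentication failure, so clients and monitoring have to key on the body code rather than on the status line.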
