对于客户端开发或者网站开发而言,调用接口返回有统一的响应体,可以针对性的设计界面,代码结构更加清晰,层次也更加分明。
默认异常响应
在使用 Spring Security Oauth2
登录和鉴权失败时,默认返回的异常信息如下:
1 2 3 4
| { "error": "unauthorized", "error_description": "Full authentication is required to access this resource" }
|
这与我们返回的信息格式不一致。如果需要修改这种返回的格式,需要重写相关异常处理类。这里我统一的是资源服务器(网关)的响应格式。
自定义异常响应
无效 token 异常类重写
新增 AuthExceptionEntryPoint.java
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
| @Component public class AuthExceptionEntryPoint implements AuthenticationEntryPoint {
@Override public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws ServletException { Map<String, Object> map = new HashMap<String, Object>(); Throwable cause = authException.getCause();
response.setStatus(HttpStatus.OK.value()); response.setHeader("Content-Type", "application/json;charset=UTF-8"); try { if(cause instanceof InvalidTokenException) { response.getWriter().write(ResultJsonUtil.build( ResponseCodeConstant.REQUEST_FAILED, ResponseStatusCodeConstant.OAUTH_TOKEN_FAILURE, ResponseMessageConstant.OAUTH_TOKEN_ILLEGAL )); }else{ response.getWriter().write(ResultJsonUtil.build( ResponseCodeConstant.REQUEST_FAILED, ResponseStatusCodeConstant.OAUTH_TOKEN_MISSING, ResponseMessageConstant.OAUTH_TOKEN_MISSING )); } } catch (IOException e) { e.printStackTrace(); } } }
|
权限不足异常类重写
新增 CustomAccessDeniedHandler.java
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
| @Component("customAccessDeniedHandler") public class CustomAccessDeniedHandler implements AccessDeniedHandler {
@Override public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException { response.setStatus(HttpStatus.OK.value()); response.setHeader("Content-Type", "application/json;charset=UTF-8"); try { response.getWriter().write(ResultJsonUtil.build( ResponseCodeConstant.REQUEST_FAILED, ResponseStatusCodeConstant.OAUTH_TOKEN_DENIED, ResponseMessageConstant.OAUTH_TOKEN_DENIED )); } catch (IOException e) { e.printStackTrace(); } } }
|
资源配置类中设置异常处理类
修改资源配置类 ResourceServerConfiguration.java
1 2 3 4 5 6
| @Override public void configure(ResourceServerSecurityConfigurer resources) { resources.tokenExtractor(customTokenExtractor); resources.authenticationEntryPoint(authExceptionEntryPoint) .accessDeniedHandler(customAccessDeniedHandler); }
|
自定义响应测试
示例代码:https://github.com/BNDong/spring-cloud-examples/tree/master/spring-cloud-zuul/cloud-zuul