Spring Security OAuth2：如何处理异常？

Question

我正在开发一个使用 Spring Security OAuth2 保护少数 REST API 的应用程序，现在的要求是包装 Spring OAuth2 异常并以 JSON 格式对其进行自定义。下面是我现有的spring安全配置，我已经尝试过这个链接上提到的答案，但没有成功how do I wrap an oauth2 exception

这是从 OAuth 获取令牌的默认 URL

<http pattern="/oauth/token" create-session="never"
      authentication-manager-ref="clientAuthenticationManager"
      xmlns="http://www.springframework.org/schema/security">
    <intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
    <anonymous enabled="false" />
    <http-basic entry-point-ref="clientAuthenticationEntryPoint" />
    <custom-filter ref="clientCredentialsTokenEndpointFilter"
                   after="BASIC_AUTH_FILTER" />
    <access-denied-handler ref="oauthAccessDeniedHandler" />
</http>

这将保护下面提到的以下api

<http pattern="/api/**" create-session="never"
      entry-point-ref="oauthAuthenticationEntryPoint"
      access-decision-manager-ref="accessDecisionManager"
      xmlns="http://www.springframework.org/schema/security">
    <anonymous enabled="false" />
    <intercept-url pattern="/api/api/hospital/**" access="IS_AUTHENTICATED_FULLY" />
    <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
    <access-denied-handler ref="oauthAccessDeniedHandler" />
</http>

这是用来生成密钥的

<bean id="authenticationKeyGenerator" class="com.moss.oauth.MossAuthenticationKeyGenerator"/>

--

<bean id="oauthAuthenticationEntryPoint"
      class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
      <property name="realmName" value="framework" />
</bean>

--

<bean id="clientAuthenticationEntryPoint"
    class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
    <property name="realmName" value="framework/client" />
    <property name="typeName" value="Basic" />
</bean>

--

<bean id="oauthAccessDeniedHandler"
      class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />

--

<bean id="clientCredentialsTokenEndpointFilter"
      class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
    <property name="authenticationManager" ref="clientAuthenticationManager" />
</bean>

--

<bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased"
      xmlns="http://www.springframework.org/schema/beans">
    <constructor-arg>
        <list>
            <bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter" />
            <bean class="org.springframework.security.access.vote.RoleVoter" />
            <bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
        </list>
    </constructor-arg>
</bean>

--

<authentication-manager id="clientAuthenticationManager"
                        xmlns="http://www.springframework.org/schema/security">
    <authentication-provider user-service-ref="clientDetailsUserService" />

</authentication-manager>

--

<!-- This is simple authentication manager implementation using hibernate, gets users
    credentials from DB -->

<bean id="userDetailsService" class="com.moss.service.impl.UserServiceImpl"></bean>

<!-- Same password encoder must be used for storing the password and user authenticationManager  -->
<bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>

--

<authentication-manager alias="authenticationManager"
                        xmlns="http://www.springframework.org/schema/security">
    <authentication-provider user-service-ref="userDetailsService">
        <password-encoder ref="passwordEncoder"/>
    </authentication-provider>
</authentication-manager>

--

<bean id="clientDetailsUserService"
      class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
    <constructor-arg ref="clientDetails" />
</bean>

--

<bean id="tokenStore" class="com.moss.oauth.MossHibernateTokenStore">
    <constructor-arg ref="authenticationKeyGenerator" />
</bean>

--

<bean id="tokenServices"
    class="com.moss.oauth.MossResourceAndAuthenticationTokenServices">
    <property name="tokenStore" ref="tokenStore" />
    <property name="supportRefreshToken" value="${oauth.refresh.token.support}" />
    <property name="accessTokenValiditySeconds" value="${oauth.access.token.validity}" />
    <property name="clientDetailsService" ref="clientDetails" />
    <property name="userDetailsService" ref="userDetailsService" />
</bean>

--

<bean id="oAuth2RequestFactory"
    class="org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory">
    <constructor-arg ref="clientDetails" />
</bean>

--

 <bean id="userApprovalHandler"
    class="org.springframework.security.oauth2.provider.approval.TokenStoreUserApprovalHandler">
    <property name="requestFactory" ref="oAuth2RequestFactory" />
    <property name="tokenStore" ref="tokenStore" />
</bean>

--

<oauth:authorization-server
    client-details-service-ref="clientDetails" token-services-ref="tokenServices"
    user-approval-handler-ref="userApprovalHandler">
    <oauth:authorization-code />
    <oauth:implicit />
    <oauth:refresh-token />
    <oauth:client-credentials />
    <oauth:password />
</oauth:authorization-server>

--

<oauth:resource-server id="resourceServerFilter"
    resource-id="framework" token-services-ref="tokenServices" />

<bean id="clientDetails" class="com.moss.oauth.MossHibernateClientDetailsService">
    <constructor-arg ref="dataSource" />
</bean>

--

<sec:global-method-security
    pre-post-annotations="enabled" proxy-target-class="true">
    <sec:expression-handler ref="oauthExpressionHandler" />
</sec:global-method-security>

--

<oauth:expression-handler id="oauthExpressionHandler" />
<oauth:web-expression-handler id="oauthWebExpressionHandler" />

--

Answer 1

自定义响应将是代码中的一个点，您可以在其中访问默认响应，并且您可以发送 POJO 来代替它，例如，如果您想将 error_description 更改为 error_info 或其他任何内容，或者您​​可以想要在响应中添加更多变量。该解决方案确实存在，但我认为至少可以说实施起来很痛苦，因为我从here复制它：

这个问题已经解决了。请遵循以下解决方法： 1 将 OAuth2Exception 扩展为一个新的类，例如 CustomOAuth2Exception。在自定义类中，添加一些特定的属性。 2 自定义DefaultWebResponseExceptionTranslator 并在AuthorizationServerConfiguration 中注册自定义翻译器。 3个自定义两个jackson序列化器在OAuth2Exception中注释，并用两个自定义序列化器注释你的CustomOAuth2Exception。 4 使用 ObjectMapper 用自定义序列化器覆盖初始序列化器。