捕获 AuthenticationProvider 中抛出的异常 [英] Catching exception thrown in AuthenticationProvider
问题描述
我正在实现自定义的AuthenticationProvider".如果未通过身份验证,我将在身份验证"函数中抛出异常,如下所示.
I am implementing custom 'AuthenticationProvider'. If not authenticated I am throwing exception inside 'authenticate' function as shown below.
public class DelegatingLdapAuthenticationProvider implements AuthenticationProvider {
private ActiveDirectoryLdapAuthenticationProvider primaryProvider;
private List<ActiveDirectoryLdapAuthenticationProvider> secondaryProviders = new ArrayList<>();
public DelegatingLdapAuthenticationProvider() {
}
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
Authentication result = null;
AuthenticationException exception = null;
try {
result = primaryProvider.authenticate(authentication);
} catch (AuthenticationException e) {
exception = e;
for (ActiveDirectoryLdapAuthenticationProvider secondaryProvider : secondaryProviders) {
try {
result = secondaryProvider.authenticate(authentication);
if (result.isAuthenticated()) {
break;
}
} catch (AuthenticationException e1) {
exception = e;
}
}
}
if (result == null || !result.isAuthenticated()) {
throw exception;
}
return result;
}
我有如下所示的全局异常处理程序.
I have global exception handler as shown below.
@ControllerAdvice
public class GlobalExceptionHandler {
@ExceptionHandler({NoPermissionException.class})
@ResponseBody
@ResponseStatus(value = HttpStatus.FORBIDDEN)
public Map<String, String> noPermission(NoPermissionException e) {
return createErrorResponse(e, "Don't have permissions");
}
@ExceptionHandler({Exception.class})
@ResponseBody
@ResponseStatus(value = HttpStatus.INTERNAL_SERVER_ERROR)
public Map<String, String> exceptionInProcessing(Exception e) {
return createErrorResponse(e, "Unable to process. Unknown error occurred: " + e.getMessage());
}
private Map<String, String> createErrorResponse(Exception e, String errorMessage) {
Map<String, String> errorResponse = new HashMap<>();
errorResponse.put("message", errorMessage);
errorResponse.put("reason", e.toString());
return errorResponse;
}
}
当在 'authenticate' 函数内抛出异常时,不会调用全局异常处理程序.对于所有其他异常,它正在被调用.我想在全局异常处理程序中捕获异常并返回自定义错误消息.我怎样才能做到这一点?任何帮助表示赞赏.提前致谢.
When exception is thrown inside the 'authenticate' function, global exception handler is not being called. For all the other exceptions it is being called. I want to catch the exception inside global exception handler and return custom error message. How can I do that? Any help appreciated. Thanks in advance.
推荐答案
GlobalExceptionHandler
用于控制器异常处理程序,但 AuthenticationProvider
仍在过滤器中,如果您愿意要处理AuthenticationException
,您需要处理它以实现AuthenticationEntryPoint
并覆盖commence
方法.
The GlobalExceptionHandler
is for controller exception handler, but the AuthenticationProvider
is still in filter, if you want to handler the AuthenticationException
, you need to handle it to implement AuthenticationEntryPoint
and override the commence
method.
public void commence(HttpServletRequest request, HttpServletResponse response,
AuthenticationException authException) throws IOException, ServletException
AuthenticationException
和 AccessDeniedException
已经被 ExceptionTranslationFilter
处理了.你只需要注入 AuthenticationEntryPoint
和 AccessDeniedHandler
(它们处理 AccessDeniedException
)
AuthenticationException
and AccessDeniedException
have already been handled by ExceptionTranslationFilter
. You just need to inject AuthenticationEntryPoint
and AccessDeniedHandler
(which handle AccessDeniedException
)
或者你可以在过滤器中捕获这些异常,然后在文件管理器中处理它,例如 AbstractAuthenticationProcessingFilter
Or you can catch these exception in filter and then handle it in filer, like AuthenticationFailureHandler
in AbstractAuthenticationProcessingFilter
这篇关于捕获 AuthenticationProvider 中抛出的异常的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!