抛出自定义异常并显示来自自定义AuthenticationProvider的错误消息 [英] Throwing Custom Exception and Display Error Message from Custom AuthenticationProvider
问题描述
这是此问题的后续行动。
我有一个自定义的AuthenticationProvider,它扩展了AbstractUserDetailsAuthenticationProvider。在附加身份验证检查中,我正在做一些自定义身份验证工作,此过程的一部分是在登录屏幕上向用户显示一些消息。目前,为了测试,我创建了一个UserNotActivatedException:
class UserNotActivatedException extends AuthenticationException {
$ b $ public UserNotActivatedException字符串消息,Throwable t){
super(message,t)
}
$ b $ public UserNotActivatedException(String message){
super(message)
}
public UserNotActivatedException(String message,Object extraInformation){
super(message,extraInformation)
}
}
而在附加的身份验证检查中,我只是立即抛出它进行测试。现在,我需要知道我需要做什么才能让自己的失败消息显示在登录屏幕上。在spring-security-core默认配置中,我们可以覆盖以下内容:
errors.login.disabled =对不起,您的帐户已被禁用。
errors.login.expired =对不起,您的帐户已过期。
errors.login.passwordExpired =对不起,您的密码已过期。
errors.login.locked =对不起,您的帐户已被锁定。
errors.login.fail =对不起,我们无法找到具有该用户名和密码的用户。
但我不明白我可以如何添加自己的附加信息。
它看起来像 authfail
c> LoginController ,它被生成到 grails-app / controllers
中。以下是模板中的代码(在插件中):
/ **
*登录失败后回调。使用警告消息重定向到授权页面。
* /
def authfail = {
def username = session [UsernamePasswordAuthenticationFilter.SPRING_SECURITY_LAST_USERNAME_KEY]
String msg =''
def exception = session [WebAttributes .AUTHENTICATION_EXCEPTION]
if(exception){
if(exception instanceof AccountExpiredException){
msg = SpringSecurityUtils.securityConfig.errors.login.expired
}
else if(异常instanceof CredentialsExpiredException){
msg = SpringSecurityUtils.securityConfig.errors.login.passwordExpired
}
else if(exception instanceof DisabledException){
msg = SpringSecurityUtils.securityConfig.errors.login .disabled
else if(异常instanceof LockedException){
msg = SpringSecurityUtils.securityConfig.errors.login.locked
}
else {
msg = SpringSecurityUtils.securityConfig.erro rs.login.fail
$ b $ if(springSecurityService.isAjax(request)){
render([error:msg] as JSON)
}
else {
flash.message = msg
重定向操作:auth,params:params
}
}
(from〜/ .grails / 1.3.7 / projects / project-name / plugins / spring-security-core-1.1.2 / src / templates / LoginController.groovy.template)
您可以将UserNotActivatedException类型添加到那里的条件中。
This is a follow up to this question.
I have a custom AuthenticationProvider that extends AbstractUserDetailsAuthenticationProvider. In the additionalAuthenticationChecks I am doing some custom auth work and part of this process is to display some messages to the user on the login screen. Currently, for testing, I created a UserNotActivatedException:
class UserNotActivatedException extends AuthenticationException {
public UserNotActivatedException(String message, Throwable t) {
super(message, t)
}
public UserNotActivatedException(String message) {
super(message)
}
public UserNotActivatedException(String message, Object extraInformation) {
super(message, extraInformation)
}
}
And in the additionalAuthenticationChecks I am just immediately throwing it for testing. Now, I need to know what I need to do to get my own fail message to show up on the login screen. In the spring-security-core default config, we can override the following:
errors.login.disabled = "Sorry, your account is disabled."
errors.login.expired = "Sorry, your account has expired."
errors.login.passwordExpired = "Sorry, your password has expired."
errors.login.locked = "Sorry, your account is locked."
errors.login.fail = "Sorry, we were not able to find a user with that username and password."
But I don't see how I can add my own additional messages.
It looks like those messages just get used by the authfail
action of the LoginController
that gets generated into grails-app/controllers
. Here's the code from the template (in the plugin):
/**
* Callback after a failed login. Redirects to the auth page with a warning message.
*/
def authfail = {
def username = session[UsernamePasswordAuthenticationFilter.SPRING_SECURITY_LAST_USERNAME_KEY]
String msg = ''
def exception = session[WebAttributes.AUTHENTICATION_EXCEPTION]
if (exception) {
if (exception instanceof AccountExpiredException) {
msg = SpringSecurityUtils.securityConfig.errors.login.expired
}
else if (exception instanceof CredentialsExpiredException) {
msg = SpringSecurityUtils.securityConfig.errors.login.passwordExpired
}
else if (exception instanceof DisabledException) {
msg = SpringSecurityUtils.securityConfig.errors.login.disabled
}
else if (exception instanceof LockedException) {
msg = SpringSecurityUtils.securityConfig.errors.login.locked
}
else {
msg = SpringSecurityUtils.securityConfig.errors.login.fail
}
}
if (springSecurityService.isAjax(request)) {
render([error: msg] as JSON)
}
else {
flash.message = msg
redirect action: auth, params: params
}
}
(from ~/.grails/1.3.7/projects/project-name/plugins/spring-security-core-1.1.2/src/templates/LoginController.groovy.template)
You can probably just add your UserNotActivatedException type to the conditions there.
这篇关于抛出自定义异常并显示来自自定义AuthenticationProvider的错误消息的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!