抛出自定义异常并显示来自自定义AuthenticationProvider的错误消息 [英] Throwing Custom Exception and Display Error Message from Custom AuthenticationProvider

问题描述

这是此问题的后续行动。

我有一个自定义的AuthenticationProvider，它扩展了AbstractUserDetailsAuthenticationProvider。在附加身份验证检查中，我正在做一些自定义身份验证工作，此过程的一部分是在登录屏幕上向用户显示一些消息。目前，为了测试，我创建了一个UserNotActivatedException：

  class UserNotActivatedException extends AuthenticationException {
 $ b $ public UserNotActivatedException字符串消息，Throwable t）{
 super（message，t）
} 
 $ b $ public UserNotActivatedException（String message）{
 super（message）
} 
 
 public UserNotActivatedException（String message，Object extraInformation）{
 super（message，extraInformation）
} 
 
} 
  

而在附加的身份验证检查中，我只是立即抛出它进行测试。现在，我需要知道我需要做什么才能让自己的失败消息显示在登录屏幕上。在spring-security-core默认配置中，我们可以覆盖以下内容：

  errors.login.disabled =对不起，您的帐户已被禁用。 
 errors.login.expired =对不起，您的帐户已过期。 
 errors.login.passwordExpired =对不起，您的密码已过期。 
 errors.login.locked =对不起，您的帐户已被锁定。 
 errors.login.fail =对不起，我们无法找到具有该用户名和密码的用户。 
  

但我不明白我可以如何添加自己的附加信息。

解决方案

它看起来像 authfail c> LoginController ，它被生成到 grails-app / controllers 中。以下是模板中的代码（在插件中）：

  / ** 
 *登录失败后回调。使用警告消息重定向到授权页面。 
 * / 
 def authfail = {
 
 def username = session [UsernamePasswordAuthenticationFilter.SPRING_SECURITY_LAST_USERNAME_KEY] 
 String msg =''
 def exception = session [WebAttributes .AUTHENTICATION_EXCEPTION] 
 if（exception）{
 if（exception instanceof AccountExpiredException）{
 msg = SpringSecurityUtils.securityConfig.errors.login.expired 
} 
 else if（异常instanceof CredentialsExpiredException）{
 msg = SpringSecurityUtils.securityConfig.errors.login.passwordExpired 
} 
 else if（exception instanceof DisabledException）{
 msg = SpringSecurityUtils.securityConfig.errors.login .disabled 
 
 else if（异常instanceof LockedException）{
 msg = SpringSecurityUtils.securityConfig.errors.login.locked 
} 
 else {
 msg = SpringSecurityUtils.securityConfig.erro rs.login.fail 
 
 
 $ b $ if（springSecurityService.isAjax（request））{
 render（[error：msg] as JSON）
} 
 else {
 flash.message = msg 
重定向操作：auth，params：params 
} 
} 
  

（from〜/ .grails / 1.3.7 / projects / project-name / plugins / spring-security-core-1.1.2 / src / templates / LoginController.groovy.template）

您可以将UserNotActivatedException类型添加到那里的条件中。

This is a follow up to this question.

I have a custom AuthenticationProvider that extends AbstractUserDetailsAuthenticationProvider. In the additionalAuthenticationChecks I am doing some custom auth work and part of this process is to display some messages to the user on the login screen. Currently, for testing, I created a UserNotActivatedException:

class UserNotActivatedException extends AuthenticationException {

  public UserNotActivatedException(String message, Throwable t) {
    super(message, t)
  }

  public UserNotActivatedException(String message) {
    super(message)
  }

  public UserNotActivatedException(String message, Object extraInformation) {
    super(message, extraInformation)
  }

}

And in the additionalAuthenticationChecks I am just immediately throwing it for testing. Now, I need to know what I need to do to get my own fail message to show up on the login screen. In the spring-security-core default config, we can override the following:

errors.login.disabled = "Sorry, your account is disabled."
errors.login.expired = "Sorry, your account has expired."
errors.login.passwordExpired = "Sorry, your password has expired."
errors.login.locked = "Sorry, your account is locked."
errors.login.fail = "Sorry, we were not able to find a user with that username and password."

But I don't see how I can add my own additional messages.

解决方案

It looks like those messages just get used by the authfail action of the LoginController that gets generated into grails-app/controllers. Here's the code from the template (in the plugin):

/**
 * Callback after a failed login. Redirects to the auth page with a warning message.
 */
def authfail = {

    def username = session[UsernamePasswordAuthenticationFilter.SPRING_SECURITY_LAST_USERNAME_KEY]
    String msg = ''
    def exception = session[WebAttributes.AUTHENTICATION_EXCEPTION]
    if (exception) {
        if (exception instanceof AccountExpiredException) {
            msg = SpringSecurityUtils.securityConfig.errors.login.expired
        }
        else if (exception instanceof CredentialsExpiredException) {
            msg = SpringSecurityUtils.securityConfig.errors.login.passwordExpired
        }
        else if (exception instanceof DisabledException) {
            msg = SpringSecurityUtils.securityConfig.errors.login.disabled
        }
        else if (exception instanceof LockedException) {
            msg = SpringSecurityUtils.securityConfig.errors.login.locked
        }
        else {
            msg = SpringSecurityUtils.securityConfig.errors.login.fail
        }
    }

    if (springSecurityService.isAjax(request)) {
        render([error: msg] as JSON)
    }
    else {
        flash.message = msg
        redirect action: auth, params: params
    }
}

(from ~/.grails/1.3.7/projects/project-name/plugins/spring-security-core-1.1.2/src/templates/LoginController.groovy.template)

You can probably just add your UserNotActivatedException type to the conditions there.

这篇关于抛出自定义异常并显示来自自定义AuthenticationProvider的错误消息的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！