每次身份验证异常不是触发器
per-authentication exceptions are not triggers
我已经实施了预身份验证 class 并且工作正常,当身份验证成功时,但是当自定义异常抛出错误时不显示而是重定向到登录页面。我想在发生自定义异常时重定向到错误页面。我使用 spring security auth2 和 spring boot 来开发它。
public class CustomPreAuthenticatedAuthenticationProvider extends PreAuthenticatedAuthenticationProvider {
private static final Logger LOG = Logger.getLogger(CustomPreAuthenticatedAuthenticationProvider.class);
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
LOG.info("CustomPreAuthenticatedAuthenticationProvider");
UmUser user = null;
String name = authentication.getName();
// String password = authentication.getCredentials().toString();
// String hashedPwd =null;
user = commonApiCallsService.callUserManagementService(name);
if (null == user) {
throw new CustomException(DataConfig.RES_CODE_INTERNAL_ERROR, name + " User not exist.");
}
UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(authentication.getPrincipal(), null, translate(user.getRoles()));
SecurityContextHolder.getContext().setAuthentication(authenticationToken);
return authenticationToken;
}
private Collection << ? extends GrantedAuthority > translate(List < Role > roles) {
List < GrantedAuthority > authorities = new ArrayList < > ();
if (null != roles) {
roles.stream().map((role) - > role.getRoleName().toUpperCase()).map((name) - > {
if (!name.startsWith("ROLE_")) {
name = "ROLE_" + name;
}
return name;
}).forEachOrdered((name) - > {
authorities.add(new SimpleGrantedAuthority(name));
});
}
return authorities;
}
}
@Configuration
@Order(1)
@EnableResourceServer
public class ResourceServerInternal extends WebSecurityConfigurerAdapter {
public ResourceServerInternal() {
super();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.antMatcher("/internal/**")
.addFilterAfter(siteminderFilter(), RequestHeaderAuthenticationFilter.class)
.authorizeRequests()
.antMatchers("/", "/internal/login*", "/callback/", "/oauth/authorize*", "/exit", "**/logout").permitAll()
.anyRequest().authenticated();
}
@Bean
public FilterRegistrationBean registration(RequestHeaderAuthenticationFilter filter) throws Exception {
FilterRegistrationBean registration = new FilterRegistrationBean(filter);
registration.setEnabled(false);
return registration;
}
@Bean(name = "siteminderFilter")
public RequestHeaderAuthenticationFilter siteminderFilter() throws Exception {
RequestHeaderAuthenticationFilter requestHeaderAuthenticationFilter = new RequestHeaderAuthenticationFilter();
requestHeaderAuthenticationFilter.setPrincipalRequestHeader("SM_USER");
requestHeaderAuthenticationFilter.setAuthenticationManager(authenticationManager());
return requestHeaderAuthenticationFilter;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.parentAuthenticationManager(authenticationManager());
}
@Bean
@Override
protected AuthenticationManager authenticationManager() throws Exception {
final List < AuthenticationProvider > providers = new ArrayList < > (1);
providers.add(preauthAuthProvider());
return new ProviderManager(providers);
}
@Bean(name = "preAuthProvider")
PreAuthenticatedAuthenticationProvider preauthAuthProvider() throws Exception {
CustomPreAuthenticatedAuthenticationProvider provider = new CustomPreAuthenticatedAuthenticationProvider();
provider.setPreAuthenticatedUserDetailsService(userDetailsServiceWrapper());
return provider;
}
@Bean
UserDetailsByNameServiceWrapper < PreAuthenticatedAuthenticationToken > userDetailsServiceWrapper() throws Exception {
UserDetailsByNameServiceWrapper < PreAuthenticatedAuthenticationToken > wrapper = new UserDetailsByNameServiceWrapper < > ();
wrapper.setUserDetailsService(userDetailsService);
return wrapper;
}
@Override
@Order(1)
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/*.css");
web.ignoring().antMatchers("/*.js");
web.ignoring().antMatchers("/css/**");
}
}
public class CustomException extends AuthenticationException {
private Integer errorCode;
private String errorMsg;
public CustomException(Integer errorCode, String errorMsg) {
super(errorMsg);
this.errorCode = errorCode;
this.errorMsg = errorMsg;
}
public Integer getErrorCode() {
return errorCode;
}
public void setErrorCode(Integer errorCode) {
this.errorCode = errorCode;
}
public String getErrorMsg() {
return errorMsg;
}
public void setErrorMsg(String errorMsg) {
this.errorMsg = errorMsg;
}
}
I have added `requestHeaderAuthenticationFilter.setContinueFilterChainOnUnsuccessfulAuthentication(false);`
到 siteminderFilter.it 作品。
@Bean(name = "siteminderFilter")
public RequestHeaderAuthenticationFilter siteminderFilter() throws Exception {
RequestHeaderAuthenticationFilter requestHeaderAuthenticationFilter = new RequestHeaderAuthenticationFilter();
requestHeaderAuthenticationFilter.setPrincipalRequestHeader("user_employee_id");
requestHeaderAuthenticationFilter.setAuthenticationManager(authenticationManager());
requestHeaderAuthenticationFilter.setContinueFilterChainOnUnsuccessfulAuthentication(false);
return requestHeaderAuthenticationFilter;
}
我已经实施了预身份验证 class 并且工作正常,当身份验证成功时,但是当自定义异常抛出错误时不显示而是重定向到登录页面。我想在发生自定义异常时重定向到错误页面。我使用 spring security auth2 和 spring boot 来开发它。
public class CustomPreAuthenticatedAuthenticationProvider extends PreAuthenticatedAuthenticationProvider {
private static final Logger LOG = Logger.getLogger(CustomPreAuthenticatedAuthenticationProvider.class);
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
LOG.info("CustomPreAuthenticatedAuthenticationProvider");
UmUser user = null;
String name = authentication.getName();
// String password = authentication.getCredentials().toString();
// String hashedPwd =null;
user = commonApiCallsService.callUserManagementService(name);
if (null == user) {
throw new CustomException(DataConfig.RES_CODE_INTERNAL_ERROR, name + " User not exist.");
}
UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(authentication.getPrincipal(), null, translate(user.getRoles()));
SecurityContextHolder.getContext().setAuthentication(authenticationToken);
return authenticationToken;
}
private Collection << ? extends GrantedAuthority > translate(List < Role > roles) {
List < GrantedAuthority > authorities = new ArrayList < > ();
if (null != roles) {
roles.stream().map((role) - > role.getRoleName().toUpperCase()).map((name) - > {
if (!name.startsWith("ROLE_")) {
name = "ROLE_" + name;
}
return name;
}).forEachOrdered((name) - > {
authorities.add(new SimpleGrantedAuthority(name));
});
}
return authorities;
}
}
@Configuration
@Order(1)
@EnableResourceServer
public class ResourceServerInternal extends WebSecurityConfigurerAdapter {
public ResourceServerInternal() {
super();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.antMatcher("/internal/**")
.addFilterAfter(siteminderFilter(), RequestHeaderAuthenticationFilter.class)
.authorizeRequests()
.antMatchers("/", "/internal/login*", "/callback/", "/oauth/authorize*", "/exit", "**/logout").permitAll()
.anyRequest().authenticated();
}
@Bean
public FilterRegistrationBean registration(RequestHeaderAuthenticationFilter filter) throws Exception {
FilterRegistrationBean registration = new FilterRegistrationBean(filter);
registration.setEnabled(false);
return registration;
}
@Bean(name = "siteminderFilter")
public RequestHeaderAuthenticationFilter siteminderFilter() throws Exception {
RequestHeaderAuthenticationFilter requestHeaderAuthenticationFilter = new RequestHeaderAuthenticationFilter();
requestHeaderAuthenticationFilter.setPrincipalRequestHeader("SM_USER");
requestHeaderAuthenticationFilter.setAuthenticationManager(authenticationManager());
return requestHeaderAuthenticationFilter;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.parentAuthenticationManager(authenticationManager());
}
@Bean
@Override
protected AuthenticationManager authenticationManager() throws Exception {
final List < AuthenticationProvider > providers = new ArrayList < > (1);
providers.add(preauthAuthProvider());
return new ProviderManager(providers);
}
@Bean(name = "preAuthProvider")
PreAuthenticatedAuthenticationProvider preauthAuthProvider() throws Exception {
CustomPreAuthenticatedAuthenticationProvider provider = new CustomPreAuthenticatedAuthenticationProvider();
provider.setPreAuthenticatedUserDetailsService(userDetailsServiceWrapper());
return provider;
}
@Bean
UserDetailsByNameServiceWrapper < PreAuthenticatedAuthenticationToken > userDetailsServiceWrapper() throws Exception {
UserDetailsByNameServiceWrapper < PreAuthenticatedAuthenticationToken > wrapper = new UserDetailsByNameServiceWrapper < > ();
wrapper.setUserDetailsService(userDetailsService);
return wrapper;
}
@Override
@Order(1)
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/*.css");
web.ignoring().antMatchers("/*.js");
web.ignoring().antMatchers("/css/**");
}
}
public class CustomException extends AuthenticationException {
private Integer errorCode;
private String errorMsg;
public CustomException(Integer errorCode, String errorMsg) {
super(errorMsg);
this.errorCode = errorCode;
this.errorMsg = errorMsg;
}
public Integer getErrorCode() {
return errorCode;
}
public void setErrorCode(Integer errorCode) {
this.errorCode = errorCode;
}
public String getErrorMsg() {
return errorMsg;
}
public void setErrorMsg(String errorMsg) {
this.errorMsg = errorMsg;
}
}
I have added `requestHeaderAuthenticationFilter.setContinueFilterChainOnUnsuccessfulAuthentication(false);`
到 siteminderFilter.it 作品。
@Bean(name = "siteminderFilter")
public RequestHeaderAuthenticationFilter siteminderFilter() throws Exception {
RequestHeaderAuthenticationFilter requestHeaderAuthenticationFilter = new RequestHeaderAuthenticationFilter();
requestHeaderAuthenticationFilter.setPrincipalRequestHeader("user_employee_id");
requestHeaderAuthenticationFilter.setAuthenticationManager(authenticationManager());
requestHeaderAuthenticationFilter.setContinueFilterChainOnUnsuccessfulAuthentication(false);
return requestHeaderAuthenticationFilter;
}