Spring security oauth2 ExceptionTranslationFilter所抛异常处理_oauth2 抛出的异常 怎么捕获

Spring security核心就是一组过滤器链。项目启动自动配置上的。

最核心的就是 Basic Authentication Filter 用来认证用户的身份；

一个过滤器处理一种认证方式；

对于username password认证过滤器来说，

• 会检查是否是一个登录请求，
• 是否包含username 和 password （也就是该过滤器需要的一些认证信息）
• 如果不满足则放行给下一个

下一个按照自身职责判定是否是自身需要的信息，

basic的特征就是在请求头中有 Authorization:Basic eHh4Onh4 的信息

中间可能还有更多的认证过滤器。最后一环是 FilterSecurityInterceptor，

这里会判定该请求是否能进行访问rest服务；判断的依据是：BrowserSecurityConfig中的配置；

如果被拒绝了就会抛出不同的异常（根据具体的原因）。

Exception Translation Filter 会捕获抛出的错误，然后根据不同的认证方式进行信息的返回提示

注意的是：绿色的过滤器可以配置是否生效，其他的都不能控制；

以上就是security最基本的一个原理，其他的衍生的功能都是基于这个架子进行扩展的

如何处理ExceptionTranslationFilter中所抛出的异常？

package com.healthy.security.server.handler;
 
import com.healthy.security.core.support.SimpleResponse;
import com.healthy.security.server.handler.exception.HealthyOauthException;
import lombok.extern.slf4j.Slf4j;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.oauth2.common.DefaultThrowableAnalyzer;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.InsufficientScopeException;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
import org.springframework.security.web.util.ThrowableAnalyzer;
import org.springframework.stereotype.Component;
import org.springframework.web.HttpRequestMethodNotSupportedException;
 
import java.io.IOException;
import java.nio.file.AccessDeniedException;
 
/**
 * healthy translator that converts exceptions into {@link OAuth2Exception}s. The output matches the OAuth 2.0
 * specification in terms of error response format and HTTP status code.
 */
@Slf4j
@Component("healthyResponseExceptionTranslator")
public class HealthyResponseExceptionTranslator implements WebResponseExceptionTranslator<SimpleResponse> {
 
    private ThrowableAnalyzer throwableAnalyzer = new DefaultThrowableAnalyzer();
 
    @Override
    public ResponseEntity<SimpleResponse> translate(Exception e) throws Exception {
 
        // Try to extract a SpringSecurityException from the stacktrace
        Throwable[] causeChain = throwableAnalyzer.determineCauseChain(e);
 
        // 异常栈获取 OAuth2Exception 异常
        Exception exception = (OAuth2Exception) throwableAnalyzer.getFirstThrowableOfType(OAuth2Exception.class, causeChain);
 
 
        // 异常栈中有OAuth2Exception
        if (exception != null) {
            return handleOAuth2Exception((OAuth2Exception) exception);
        }
 
        exception = (AuthenticationException) throwableAnalyzer.getFirstThrowableOfType(AuthenticationException.class,
                causeChain);
 
        if (exception != null) {
            return handleOAuth2Exception(new HealthyOauthException(e.getMessage(), e));
        }
 
        exception = (AccessDeniedException) throwableAnalyzer
                .getFirstThrowableOfType(AccessDeniedException.class, causeChain);
        if (exception instanceof AccessDeniedException) {
            return handleOAuth2Exception(new HealthyOauthException(exception.getMessage(), exception));
        }
 
        exception = (HttpRequestMethodNotSupportedException) throwableAnalyzer
                .getFirstThrowableOfType(HttpRequestMethodNotSupportedException.class, causeChain);
        if (exception instanceof HttpRequestMethodNotSupportedException) {
            return handleOAuth2Exception(new HealthyOauthException(exception.getMessage(), exception));
        }
 
        exception = (UsernameNotFoundException) throwableAnalyzer
                .getFirstThrowableOfType(UsernameNotFoundException.class, causeChain);
        if (exception instanceof UsernameNotFoundException) {
            return handleOAuth2Exception(new HealthyOauthException(exception.getMessage(), exception));
        }
 
        // 不包含上述异常则服务器内部错误
        return handleOAuth2Exception(new HealthyOauthException(HttpStatus.INTERNAL_SERVER_ERROR.getReasonPhrase(), e));
    }
 
    private ResponseEntity<SimpleResponse> handleOAuth2Exception(OAuth2Exception e) throws IOException {
 
        int status = e.getHttpErrorCode();
        HttpHeaders headers = new HttpHeaders();
        headers.set("Cache-Control", "no-store");
        headers.set("Pragma", "no-cache");
        if (status == HttpStatus.UNAUTHORIZED.value() || (e instanceof InsufficientScopeException)) {
            headers.set("WWW-Authenticate", String.format("%s %s", OAuth2AccessToken.BEARER_TYPE, e.getSummary()));
        }
 
        SimpleResponse simpleResponse = new SimpleResponse(e.getMessage());
 
        return new ResponseEntity<SimpleResponse>(simpleResponse, headers, HttpStatus.valueOf(status));
    }
}

package com.healthy.security.server.handler.exception;
 
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
 
public class HealthyOauthException extends OAuth2Exception {
 
    public HealthyOauthException(String msg, Throwable t) {
        super(msg, t);
    }
 
    public HealthyOauthException(String msg) {
        super(msg);
    }
}

package com.healthy.security.server;
 
import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
 
/**
 * 认证服务器配置
 */
@Configuration
@EnableAuthorizationServer
public class HealthyAuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
 
    //  ...省略
 
    @Autowired
    private WebResponseExceptionTranslator healthyResponseExceptionTranslator;
 
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints
                .exceptionTranslator(healthyResponseExceptionTranslator);
        }
    
    //  ...省略
}