Java 句柄401错误(Spring安全性)
我能处理404错误Java 句柄401错误(Spring安全性),java,spring,spring-security,Java,Spring,Spring Security,我能处理404错误 @ResponseStatus(value = HttpStatus.NOT_FOUND) @ExceptionHandler(NoHandlerFoundException.class) @ResponseBody public void noHandlerFoundException (HttpServletResponse response) throws IOException{ //some code } 但是如何处理
@ResponseStatus(value = HttpStatus.NOT_FOUND)
@ExceptionHandler(NoHandlerFoundException.class)
@ResponseBody
public void noHandlerFoundException (HttpServletResponse response) throws IOException{
//some code
}
但是如何处理401错误呢
编辑我使用的是Java,而不是web.xml
编辑我应该在NoHandlerFoundException中输入什么来处理HttpStatus.UNAUTHORIZED
编辑
我有方法unsuccessfulAuthentication,当身份验证失败时:
public class StatelessLoginFilter extends AbstractAuthenticationProcessingFilter {
protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response,
AuthenticationException failed) throws IOException, ServletException {
SecurityContextHolder.clearContext();
if (logger.isDebugEnabled()) {
logger.debug("Authentication request failed: " + failed.toString());
logger.debug("Updated SecurityContextHolder to contain null Authentication");
logger.debug("Delegating to authentication failure handler " + failureHandler);
}
// response.setCharacterEncoding("UTF-8");
// response.getWriter().write(jsonService.toString(jsonService.getResponse(false, "Не удалось авторизоваться", "401")));
rememberMeServices.loginFail(request, response);
failureHandler.onAuthenticationFailure(request, response, failed);
}
}
此代码发送401错误html。我需要发送json,你可以在评论中看到它。你可以查看
HttpStatus.UNAUTHORIZE
见:
以下是一个完整的处理程序,用于处理所有少量错误页面:
@Controller
public class ErrorCodeController extends BaseController {
@ExceptionHandler(ApplicationException.class)
@RequestMapping(value="errorPage400", method=RequestMethod.GET)
@ResponseStatus(value = HttpStatus.BAD_REQUEST)
public String handleBadRequest(ApplicationException ex,HttpServletResponse response, ModelMap map) {
map.addAttribute("http-error-code", HttpStatus.BAD_REQUEST);
return processErrorCodes(ex,response,map);
}
@ExceptionHandler(ApplicationException.class)
@RequestMapping(value="errorPage401", method=RequestMethod.GET)
@ResponseStatus(value=HttpStatus.UNAUTHORIZED,reason="Unauthorized Request")
public String handleUnauthorizedRequest(ApplicationException ex,HttpServletResponse response, ModelMap map) {
map.addAttribute("http-error-code", HttpStatus.UNAUTHORIZED);
return processErrorCodes(ex,response,map);
}
@ExceptionHandler(ApplicationException.class)
@RequestMapping(value="errorPage404", method=RequestMethod.GET)
@ResponseStatus(HttpStatus.NOT_FOUND)
public String handleNotFoundRequest(ApplicationException ex,HttpServletResponse response, ModelMap map) {
map.addAttribute("http-error-code", HttpStatus.NOT_FOUND);
return processErrorCodes(ex,response,map);
}
@ExceptionHandler(ApplicationException.class)
@RequestMapping(value="errorPage500", method=RequestMethod.GET)
@ResponseStatus(value=HttpStatus.INTERNAL_SERVER_ERROR,reason="Internal Server Error")
public String handleInternalServerError(ApplicationException ex,HttpServletResponse response, ModelMap map) {
map.addAttribute("http-error-code", HttpStatus.INTERNAL_SERVER_ERROR);
return processErrorCodes(ex,response,map);
}
@ExceptionHandler(ApplicationException.class)
public void handleApplicationExceptions(Throwable exception, HttpServletResponse response) {
}
private String processErrorCodes(ApplicationException ex,HttpServletResponse response, ModelMap map){
map.addAttribute("class", ClassUtils.getShortName(ex.getClass()));
map.addAttribute("message", ex.getMessage());
map.addAttribute("errorMessage", ex.getErrorMessage());
map.addAttribute("errorCode", ex.getErrorCode());
map.addAttribute("timestamp", ex.getCurrentDate());
return "errorPage";
}
}
基本控制器:
@Controller
@RequestMapping("/")
public class BaseController {
// Remember to add any exception that you suspect can be thrown in this web application.
@ExceptionHandler({ApplicationException.class,NullPointerException.class})
public ModelAndView handleException(Throwable exception,HttpServletRequest req) {
ModelMap model = new ModelMap();
ApplicationException ex = new ApplicationException();
String timeStamp = ex.getCurrentDate().toString();
//String temp = ClassUtils.getShortName(ex.getClass());
//model.addAttribute("class", ClassUtils.getShortName(ex.getClass()));
model.addAttribute("timeStamp", timeStamp);
return new ModelAndView("errorPage", model);
}
Web.xml:
<web-app id="WebApp_ID" version="2.5"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<display-name>myApp</display-name>
<error-page>
<error-code>400</error-code>
<location>/errorPage400.xhtml</location>
</error-page>
<error-page>
<error-code>401</error-code>
<location>/errorPage401.xhtml</location>
</error-page>
<error-page>
<error-code>404</error-code>
<location>/errorPage404.xhtml</location>
</error-page>
<error-page>
<error-code>500</error-code>
<location>/errorPage500.xhtml</location>
</error-page>
<error-page>
<exception-type>java.lang.Throwable</exception-type>
<location>/errorPage.xhtml</location>
</error-page>
myApp
400
/errorPage400.xhtml
401
/errorPage401.xhtml
404
/errorPage404.xhtml
500
/errorPage500.xhtml
java.lang.Throwable
/errorPage.xhtml
我知道这是一个老话题,但我也尝试过,所以我的解决方案只适用于Tomcat
在您的*DispatcherServletInitializer
/WebAppInitializer
的启动(…)
方法中调用以下方法
Field appContextInFacade = ApplicationContextFacade.class.getDeclaredField("context");
appContextInFacade.setAccessible(true);
ApplicationContext appContext = (ApplicationContext) appContextInFacade.get(servletContext);
Field appContextInContext = ApplicationContext.class.getDeclaredField("context");
appContextInContext.setAccessible(true);
StandardContext context = (StandardContext) appContextInContext.get(appContext);
ErrorPage defaultErrorPage = new ErrorPage();
defaultErrorPage.setLocation("/myinternalerrorhandlercontroller");
context.addErrorPage(defaultErrorPage); // You may have to use reflection here as well.
然后添加一个能够处理这些错误请求的控制器:
@RequestMapping("/myinternalerrorhandlercontroller")
public ResponseEntity<T> renderErrorPage(HttpServletRequest httpRequest)
重要提示:
- 您必须处理所有的
sRequestMethod
- 您必须处理所有
内容类型(=>返回字节或注册回退HttpMessageConverter,它可以将错误对象转换为json,而不管请求什么)
- 您的错误页面决不能抛出异常或无法返回响应
- 只有在未调用或(未能执行)通常的
或类似机制时,才会显示错误页面@ExceptionHandler
- 不要访问应用程序状态(如用户身份验证),因为您超出了应用程序的作用域,它们可能不可用或包含无效数据
(Integer) httpRequest.getAttribute(RequestDispatcher.ERROR_STATUS_CODE);