Java 我如何在春天发送我自己的回复?
我在应用程序中使用JWT实现Spring安全性,当发出未经授权的调用时,它将返回以下响应Java 我如何在春天发送我自己的回复?,java,spring,security,jwt,Java,Spring,Security,Jwt,我在应用程序中使用JWT实现Spring安全性,当发出未经授权的调用时,它将返回以下响应 @Override public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException {
@Override
public void commence(HttpServletRequest request,
HttpServletResponse response,
AuthenticationException authException) throws IOException {
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
}
响应如下所示
{
"timestamp": 1497832267379,
"status": 401,
"error": "Unauthorized",
"message": "Unauthorized",
"path": "/path"
}
我可以发送自己的自定义响应,例如:
{
"code":401,
"message":"The request is unauthorized"
}
谢谢你的帮助
编辑
我将代码更新为以下格式:
@Override
public void commence(HttpServletRequest request,
HttpServletResponse response,
AuthenticationException authException) throws IOException {
//response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
Status unauthorizedEntry = new Status();
unauthorizedEntry.setCode(401);
unauthorizedEntry.setMessage("Unauthorized Entry");
Map<String, Object> unauthorizedEntryResponse = new HashMap<>();
unauthorizedEntryResponse.put("status", unauthorizedEntry);
objectMapper.writeValue(response.getOutputStream(), unauthorizedEntry);
response.flushBuffer();
}
现在我得到了200的回复,但屏幕上什么也没有显示。它是完全空白的。感谢您的帮助 这应该对你有用:
@Autowired
private ObjectMapper objectMapper;
@Override
public void commence(HttpServletRequest request,
HttpServletResponse response,
AuthenticationException authException) throws IOException {
// notify client of response body content type
response.addHeader("Content-Type", "application/json;charset=UTF-8");
// set the response status code
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
// set up the response body
Status unauthorized = new Status(HttpServletResponse.SC_UNAUTHORIZED,
"The request is unauthorized");
// write the response body
objectMapper.writeValue(response.getOutputStream(), unauthorized);
// commit the response
response.flushBuffer();
}
public class Status {
private int code;
private String message;
public Status(int code, String message) {
this.code = code;
this.message = message;
}
public int getCode() {
return code;
}
public String getMessage() {
return message;
}
}
请注意,您需要您可以尝试添加控制器建议
@RestController
@ControllerAdvice
public class ExceptionHandlerController {
@ExceptionHandler(UsernameNotFoundException.class, DataAccessException.class)
@ResponseStatus(HttpStatus.SC_UNAUTHORIZED)
@ResponseBody ErrorInfo
UnauthorizeExceptionInfo(HttpServletRequest req, Exception ex) {
return new ErrorInfo(req.getRequestURL(), ex);
}
}
和ErrorInfo.class
@JsonIgnore
public final StringBuffer url;
public final String ex;
public ErrorInfo(StringBuffer stringBuffer, Exception ex) {
this.url = stringBuffer;
this.ex = ex.getLocalizedMessage();
}
当您抛出新的UsernameNotFoundException时,控制器将处理响应
如果密码/电子邮件不匹配,我假设在CustomUserDetailsService中的@Override public loadUserByUsername中抛出异常
此处的更多详细信息:您应该能够使用自定义的
AuthenticationFailureHandler
覆盖响应。目前我正在覆盖开始方法。您的新代码实际上没有设置状态。您需要response.setStatus(HttpServletResponse.SC_)代码>以使其工作。您必须告诉servlet引擎状态发生了变化,否则它将默认为200。我在其他REST控制器中使用jackson作为@RequestMapping(value=“/path”,products={MediaType.APPLICATION\u JSON\u value},method=RequestMethod.GET)
。但在本例中,它不是REST控制器,因此如何使用JacksonI发送JSON响应添加了一个使用Jackson的示例。我尝试了该示例,现在得到了200响应,但没有显示任何内容。我更新了问题代码如果你得到的是200,那么它不会命中此代码。如果你不介意,你可以提供匹配的整个代码段。因为当我尝试时,它要么不显示任何内容,要么显示相同的格式(默认401)
@JsonIgnore
public final StringBuffer url;
public final String ex;
public ErrorInfo(StringBuffer stringBuffer, Exception ex) {
this.url = stringBuffer;
this.ex = ex.getLocalizedMessage();
}