Java 禁用错误消息:AccessDeniedException:访问被拒绝
我使用此自定义错误处理程序:Java 禁用错误消息:AccessDeniedException:访问被拒绝,java,spring,spring-boot,spring-security,Java,Spring,Spring Boot,Spring Security,我使用此自定义错误处理程序: @Component public class OAuth2AuthenticationEntryPoint implements AuthenticationEntryPoint { @Override public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationExcep
@Component
public class OAuth2AuthenticationEntryPoint implements AuthenticationEntryPoint {
@Override
public void commence(HttpServletRequest request, HttpServletResponse response,
AuthenticationException ex) throws IOException {
ErrorDetail errorDetail = ErrorDetail.AUTHENTICATION_ERROR;
ErrorResponse errorEntry = new ErrorResponse();
errorEntry.setTitle(errorDetail.getTitle());
errorEntry.setCode(errorDetail.getErrorCode());
HttpStatus httpStatus = ErrorDetail.getHttpStatusBasedOnErrorCode(errorDetail.getErrorCode());
errorEntry.setStatus(httpStatus.value());
errorEntry.setDetail(ex.getMessage());
Map<String, String> extra = new HashMap<String, String>();
extra.put("detail", ex.getMessage());
errorEntry.setExtra(extra);
ErrorResponseDTO errorResponse = new ErrorResponseDTO();
errorResponse.setErrors(Arrays.asList(errorEntry));
response.setStatus(errorDetail.getHttpStatus().value());
String json = new ObjectMapper().setDefaultPropertyInclusion(JsonInclude.Include.NON_NULL).writeValueAsString(errorResponse);
response.getWriter().write(json);
response.flushBuffer();
}
}
但我在服务器日志中发现以下错误:
21:34:30.498 [http-nio-8090-exec-7] DEBUG AffirmativeBased[decide:66] - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@33252ffb, returned: -1
21:34:30.498 [http-nio-8090-exec-7] DEBUG ExceptionTranslationFilter[handleSpringSecurityException:180] - Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:123)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:118)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
您知道每次收到AuthenticationException时如何抑制或禁用此错误吗?这是一个用于开发目的的
调试级别日志,可以。在生产级别上,日志级别不应低于WARN
级别,因此不会记录这些异常,也不会引起关注
如果仍然坚持修改行为,Spring允许在类上设置日志级别,或者使用OFF
禁用它。我发现关闭它是不鼓励的,因为您可能会错过更严重的日志,因此异常也可以记录在不同的级别上
打开application.properties
并编写以下内容之一:
- 禁用所有日志:
org.springframework.security.access.AccessDeniedException=OFF
- 至少
ERROR
级别:org.springframework.security.access.AccessDeniedException=ERROR
- 至少
WARN
级别:org.springframework.security.access.AccessDeniedException=WARN
21:34:30.498 [http-nio-8090-exec-7] DEBUG AffirmativeBased[decide:66] - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@33252ffb, returned: -1
21:34:30.498 [http-nio-8090-exec-7] DEBUG ExceptionTranslationFilter[handleSpringSecurityException:180] - Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:123)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:118)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)