Spring Boot: how to override the default error message in Spring Security
I am using DaoAuthenticationProvider to authenticate my client requests. If the username/password combination is invalid, it throws an AuthenticationException with the message: Bad credentials
This is good and expected behaviour, but I am trying to have a friendlier message, so I want to replace it with my own error message.
I found that this message comes from
public SpringSecurityMessageSource() {
    setBasename("org.springframework.security.messages");
}
// a bunch of authentication code
messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials")
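I tried to replace this message by creating the file
resources/org/springframework/security/messages.properties
with the content: AbstractUserDetailsAuthenticationProvider.badCredentials=anything else
But Bad credentials is still thrown... What am I doing wrong? How can I redefine the default org.springframework.security.messages?

Here is what you can try, using AuthenticationEntryPoint:
Create a class that implements AuthenticationEntryPoint, then modify write(..) according to the format and message you need.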
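
The AuthenticationEntryPoint approach described above, as an added example that is not part of the original answer: it writes a JSON error body through response.getWriter().write(..). The class name FriendlyAuthenticationEntryPoint, the message wording and the javax.servlet imports (Spring Security 5.x) are assumptions.

```java
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AccountStatusException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;

// Hypothetical class name; javax.servlet assumes Spring Security 5.x, matching
// the WebSecurityConfigurerAdapter style used elsewhere on this page.
public class FriendlyAuthenticationEntryPoint implements AuthenticationEntryPoint {
    // Constructed wording; replace with your own text.
    private static final String GENERIC = "Please sign in to continue.";
    private static final String BAD_LOGIN = "The username or password is incorrect.";

    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response,
                         AuthenticationException ex) throws IOException {
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        response.setContentType("application/json;charset=UTF-8");
        response.getWriter().write("{\"error\":\"" + escapeJson(messageFor(ex)) + "\"}");
    }

    static String messageFor(AuthenticationException ex) {
        if (ex instanceof BadCredentialsException) {
            // With the provider's default settings an unknown user also surfaces
            // as BadCredentialsException, so both cases get the same text.
            return BAD_LOGIN;
        }
        if (ex instanceof AccountStatusException) {
            // Provider's (possibly overridden) message. Disabled, locked and
            // expired-account checks run before the password check, so a distinct
            // text confirms the account exists; return BAD_LOGIN if that matters.
            return ex.getMessage();
        }
        // e.g. InsufficientAuthenticationException when no credentials were sent
        return GENERIC;
    }

    static String escapeJson(String s) {
        StringBuilder out = new StringBuilder();
        for (char c : s.toCharArray()) {
            if (c == '"' || c == '\\') out.append('\\').append(c);
            else if (c < 0x20) out.append(String.format("\\u%04x", (int) c));
            else out.append(c);
        }
        return out.toString();
    }
}
```

It can be registered with http.httpBasic().authenticationEntryPoint(...) or http.exceptionHandling().authenticationEntryPoint(...); form-login failures go through an AuthenticationFailureHandler instead.
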
Find the Spring Security class whose message you need to override; it will have the following field:
protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
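This class should also implement the MessageSourceAware interface. This interface has only one method that you need to use: void setMessageSource(MessageSource messageSource)
For example, I use DaoAuthenticationProvider. It extends AbstractUserDetailsAuthenticationProvider, which implements MessageSourceAware.
From the Spring Security source code: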
public class DaoAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {
    ...
}

public abstract class AbstractUserDetailsAuthenticationProvider
        implements AuthenticationProvider, InitializingBean, MessageSourceAware {
    ...
    protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
    ...
    @Override
    public void setMessageSource(MessageSource messageSource) {
        this.messages = new MessageSourceAccessor(messageSource);
    }
    ...
}
So I override the default DaoAuthenticationProvider and set the message source.
My code:
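import lombok.RequiredArgsConstructor;
import org.springframework.context.MessageSource;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.support.ResourceBundleMessageSource;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;

@Configuration
@EnableWebSecurity
@RequiredArgsConstructor // lombok
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    private final UserDetailsService userDetailsService;

    // Not injected as a field: this class defines the messageSource bean itself, and
    // constructor-injecting it here would be a circular reference at startup.
    @Bean
    public MessageSource messageSource() {
        ResourceBundleMessageSource messageSource = new ResourceBundleMessageSource();
        // my messages override the Spring Security messages when the message code is the same
        messageSource.setBasenames("messages", "org/springframework/security/messages");
        messageSource.setDefaultEncoding("UTF-8");
        return messageSource;
    }

    @Bean
    public DaoAuthenticationProvider authProvider() {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(userDetailsService); // set my custom user details service
        provider.setMessageSource(messageSource()); // set my custom messages
        return provider;
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) {
        auth.authenticationProvider(authProvider()); // set dao provider with my custom messages
    }
}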
My overridden messages, /src/main/resources/messages.properties:
AbstractUserDetailsAuthenticationProvider.disabled=Account is not activated. Please, activate your account. The activation link is sent in email
...etc...
You can find all the available message codes here:
org.springframework.security:spring-security-core:[version], /org/springframework/security/messages.properties

Is creating a custom bean that implements AuthenticationEntryPoint allowed in your case?
@goldthelocks, yes, how do I do that?
See the following link for how to use getWriter().write: