Warning: file_get_contents(/data/phpspider/zhask/data//catemap/9/spring-boot/5.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Spring boot 如何覆盖spring security上的默认错误消息_Spring Boot_Spring Security - Fatal编程技术网
Fatal编程技术网
  • spring-boot/
  • Spring boot 如何覆盖spring security上的默认错误消息

Spring boot 如何覆盖spring security上的默认错误消息

spring-boot spring-security

Spring boot 如何覆盖spring security上的默认错误消息,spring-boot,spring-security,Spring Boot,Spring Security,我正在使用DaoAuthenticationProvider为我的客户端请求提供身份验证。如果用户名/密码组合无效,它会抛出一个AuthenticationException,并显示一条消息:Bad credentials 这是一个好的和预期的行为,但我试图有更友好的消息,所以我想用我自己的错误消息来代替它 我发现这个消息来自 public SpringSecurityMessageSource() { setBasename("org.springframework.

我正在使用
DaoAuthenticationProvider
为我的客户端请求提供身份验证。如果用户名/密码组合无效,它会抛出一个
AuthenticationException
,并显示一条消息:
Bad credentials

这是一个好的和预期的行为,但我试图有更友好的消息,所以我想用我自己的错误消息来代替它

我发现这个消息来自

public SpringSecurityMessageSource() {
        setBasename("org.springframework.security.messages");
    }

//a bunch of authentication code
messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials","Bad credentials")
我试图通过创建文件来替换此消息

resources/org/springframework/security/messages.properties
其内容为:
AbstractUserDetailsAuthenticationProvider.badCredentials=任何其他内容

但是坏消息仍然被抛出。。。我做错了什么?如何重新定义默认的org.springframework.security.messages

以下是您可以尝试使用的
AuthenticationEntryPoint

  • 创建一个实现
    AuthenticationEntryPoint
    的类,然后修改
    。根据所需的格式和消息编写(..)
  • 在安全配置中设置自定义入口点:
    • 查找您需要覆盖的消息的Spring安全类,它将具有以下字段:

    protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
    此类还应实现
    MessageSourceAware
    接口。此接口只有一个您需要使用的方法:
    void setMessageSource(MessageSource MessageSource)

    例如,我使用
    DaoAuthenticationProvider
    。它扩展了
    AbstractUserDetailsAuthenticationProvider
    ,实现了
    MessageSourceAware

    来自Spring安全源代码:

    public class DaoAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {
   ...
}

public abstract class AbstractUserDetailsAuthenticationProvider
        implements AuthenticationProvider, InitializingBean, MessageSourceAware {
    ...
    protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
    ...
    @Override
    public void setMessageSource(MessageSource messageSource) {
        this.messages = new MessageSourceAccessor(messageSource);
    }
    ...
}

    @Configuration
@EnableWebSecurity
@RequiredArgsConstructor // lombok
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    private final MessageSource messageSource;
    private final UserDetailsService userDetailsService;

    @Bean
    public MessageSource messageSource() {
        ResourceBundleMessageSource messageSource = new ResourceBundleMessageSource();
        messageSource.setBasenames("messages", "org/springframework/security/messages"); // my messages will override spring security messages, if message code the same
        messageSource.setDefaultEncoding("UTF-8");
        return messageSource;
    }

    @Bean
    public DaoAuthenticationProvider authProvider() {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(userDetailsService); // set my custom user details service
        provider.setMessageSource(messageSource); // set my custom messages
        return provider;
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) {
        auth.authenticationProvider(authProvider()); // set dao provider with my custom messages
    }

}
    因此,我将覆盖默认的
    DaoAuthenticationProvider
    ,并设置消息源

    我的代码:

    public class DaoAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {
   ...
}

public abstract class AbstractUserDetailsAuthenticationProvider
        implements AuthenticationProvider, InitializingBean, MessageSourceAware {
    ...
    protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
    ...
    @Override
    public void setMessageSource(MessageSource messageSource) {
        this.messages = new MessageSourceAccessor(messageSource);
    }
    ...
}

    @Configuration
@EnableWebSecurity
@RequiredArgsConstructor // lombok
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    private final MessageSource messageSource;
    private final UserDetailsService userDetailsService;

    @Bean
    public MessageSource messageSource() {
        ResourceBundleMessageSource messageSource = new ResourceBundleMessageSource();
        messageSource.setBasenames("messages", "org/springframework/security/messages"); // my messages will override spring security messages, if message code the same
        messageSource.setDefaultEncoding("UTF-8");
        return messageSource;
    }

    @Bean
    public DaoAuthenticationProvider authProvider() {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(userDetailsService); // set my custom user details service
        provider.setMessageSource(messageSource); // set my custom messages
        return provider;
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) {
        auth.authenticationProvider(authProvider()); // set dao provider with my custom messages
    }

}
    我覆盖的消息
    /src/main/resources/messages.properties

    AbstractUserDetailsAuthenticationProvider.disabled=Account is not activated. Please, activate your account. The activation link is sent in email
...etc...
    您可以在此处找到邮件的所有可用代码:

    org.springframework.security:springsecuritycore:[版本]

    /org/springframework/security/messages.properties

    正在创建一个自定义bean,该bean实现了您的案例中允许的
    AuthenticationEntryPoint
    ?@goldthelocks,是的,如何做到这一点?请参阅以下链接以了解如何使用
    getWriter()。write