java - 为错误 Forbidden 实现自定义异常处理程序
问题描述
我想创建自定义异常处理程序,它返回带有数据的结构化 JSON 响应。我试过这个:
@ExceptionHandler({ AccessDeniedException.class })
public ResponseEntity<ErrorResponseDTO> accessDeniedExceptionHandler(final AccessDeniedException ex) {
ErrorDetail errorDetail = ErrorDetail.NOT_FOUND;
LOG.error(ex.getMessage(), ex.getCause());
ErrorResponse errorEntry = new ErrorResponse();
.......
return new ResponseEntity<ErrorResponseDTO>(errorResponse, HttpStatus.FORBIDDEN);
}
完整代码:Github
但我得到了这个通用结果:
{
"timestamp": "2020-06-06T22:46:13.815+00:00",
"status": 403,
"error": "Forbidden",
"message": "",
"path": "/engine/users/request"
}
我只想得到这个结果:
{
"errors": [{
"status": 404,
"code": "1000",
"title": "Forbidden",
"detail": "Forbidden",
"extra": {
"detail": "Forbidden"
}
}]
}
您知道如何发送自定义结果以及如何解决此问题吗?
解决方案
好吧,我认为您可以通过这种方式为拒绝访问异常执行自定义错误
import com.fasterxml.jackson.databind.ObjectMapper;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.MediaType;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletResponse;
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
private final ObjectMapper om;
public SecurityConfiguration() {
this.om = new ObjectMapper();
this.om.setDefaultPropertyInclusion(JsonInclude.Include.NON_NULL);
}
@Override
protected void configure(final HttpSecurity http) throws Exception {
http
.exceptionHandling()
.accessDeniedHandler((request, response, accessDeniedException) -> {
response.setStatus(HttpServletResponse.SC_FORBIDDEN);
response.setContentType(MediaType.APPLICATION_JSON_VALUE);
ServletOutputStream out = response.getOutputStream();
om.writeValue(
out,
ErrorDto
.builder()
.code(1000)
.title("Forbidden")
.detail("Forbidden")
.status(404)
.build()
);
out.flush();
}).and()
.authorizeRequests().antMatchers("/api/**").authenticated()
.and()
.httpBasic()
.and()
.formLogin().disable();
}
@Data
@AllArgsConstructor
@NoArgsConstructor
@Builder
private static class ErrorDto{
private int status;
private int code;
private String title;
private String detail;
// other fields
}
}
推荐阅读
- algorithm - 如何证明完整二叉堆(min-heap)中第 k 个最小元素的预期深度为 O(logk)?
- server - 在 WSO2 身份服务器 5.8.0 中声明方言错误
- javascript - 如何使用 es6 过滤对象值
- git - git 子树与 Gerrit 兼容吗?
- z3 - 为什么 Z3 对于这些喇叭子句返回未知
- javascript - “李”元素显示为“未定义”
- react-native - 在本机反应中打开视频播放器
- ios - 为什么 traitCollectionDidChange() 在挂起应用程序时执行两次
- graphql - 如何从“gql”对象中获取查询的名称?
- python - 如何将循环中的多个结果添加到一个数组