ExceptionTranslationFilter
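Introduction
Exception handling in Spring Security's authorization and authentication services cannot be done through unified exception handling the way it is in regular Spring MVC or Spring Boot. Instead, exceptions are intercepted layer by layer in the filter chain, which makes the code somewhat laborious to read. This filter handles part of Spring Security's exceptions; developers can configure a custom accessDeniedHandler and authenticationEntryPoint to handle exceptions according to their own needs.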
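Code analysis
Step 1
The previous article already mentioned that Spring Security authentication-service configuration is divided into ResourceServerConfigurerAdapter (resource server configuration) and AuthorizationServerSecurityConfigurer (authorization server configuration). For the authorization server, the author has not yet found a way to inject a custom accessDeniedHandler and authenticationEntryPoint. Let's look at part of the code of WebSecurityConfigurerAdapter: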
protected final HttpSecurity getHttp() throws Exception {
    if (http != null) {
        return http;
    }
    DefaultAuthenticationEventPublisher eventPublisher = objectPostProcessor
            .postProcess(new DefaultAuthenticationEventPublisher());
    localConfigureAuthenticationBldr.authenticationEventPublisher(eventPublisher);
    AuthenticationManager authenticationManager = authenticationManager();
    authenticationBuilder.parentAuthenticationManager(authenticationManager);
    authenticationBuilder.authenticationEventPublisher(eventPublisher);
    Map<Class<?>, Object> sharedObjects = createSharedObjects();
    http = new HttpSecurity(objectPostProcessor, authenticationBuilder,
            sharedObjects);
    if (!disableDefaults) {
        // @formatter:off
        http
            .csrf().and()
            .addFilter(new WebAsyncManagerIntegrationFilter())
            // Adds an ExceptionHandlingConfigurer; the configurer is created with new, with no accessDeniedHandler or authenticationEntryPoint injected
            .exceptionHandling().and()
            .headers().and()
            .sessionManagement().and()
            .securityContext().and()
            .requestCache().and()
            .anonymous().and()
            .servletApi().and()
            .apply(new DefaultLoginPageConfigurer<>())