【发布时间】:2017-04-27 22:22:12
【问题描述】:
我有一个 spring 安全配置,看起来像我下面的内容:
@Configuration
@EnableResourceServer
@EnableConfigurationProperties(OAuthSettings.class)
public class SecurityConfig extends ResourceServerConfigurerAdapter {
@Autowired
private OAuthSettings oAuthSettings;
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
final JwtAccessTokenConverter jwtTokenEnhancer = new JwtAccessTokenConverter();
jwtTokenEnhancer.setVerifierKey(oAuthSettings.getPublicKey());
jwtTokenEnhancer.afterPropertiesSet();
JwtTokenStore tokenStore = new JwtTokenStore(jwtTokenEnhancer);
resources.tokenStore(tokenStore);
}
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/**")
.access(String.format("#oauth2.hasScope('%s')", oAuthSettings.getRequiredScope()));
}
}
如果我发送了错误的令牌,我会收到以下回复:
{
"error": "invalid_token",
"error_description": "Encoded token is a refresh token"
}
我真的很想自定义此响应。
例如,也许我想发回一个具有更多(或不同)属性的对象。例如这样的响应:
{
"error": "invalid_token",
"errorDescription": "Encoded token is a refresh token",
"aSuggestion": "some suggestion",
"anotherProperty": "check this out!"
}
我无法在 Spring Security 中找到允许我覆盖此默认异常处理行为的挂钩。任何帮助表示赞赏。
【问题讨论】:
标签: spring spring-mvc spring-boot spring-security spring-security-oauth2