扩展spring security loadByUsername httpStatusCode

Question

您好，我正在强制解决与 spring security UserDetailsS​​ervice 方法的扩展功能相关的问题。此方法默认抛出 UsernameNotFoundException，状态码为 400（错误请求）

    override fun loadUserByUsername(username: Username): UserDetails {
        if(loginAttemptService.isBlocked(username))
            throw TooManyInvalidLoginRequestException()
        val user = repository.findByEmail(username.toLowerCase())
            ?: repository.findByUsername(username)
            ?: throw AuthenticationUserNotFound()
        return CustomUserDetails(user)
    }

class TooManyInvalidLoginRequestException : ServiceException(TOO_MANY_REQUESTS, EMAIL_BLOCKED_TOO_MANY_INVALID_LOGIN_REQUEST)

如果我尝试抛出由我自己定义的异常，该异常抛出另一个状态代码，那么它会用我的消息覆盖为 401。 您知道如何防止这种情况发生吗？

Answer 1

您可以使用 Spring 的 @RestControllerAdvice 注解创建一个全局异常控制器，例如：

import org.springframework.http.HttpStatus
import org.springframework.http.ResponseEntity
import org.springframework.web.bind.annotation.ExceptionHandler
import org.springframework.web.bind.annotation.RestControllerAdvice

data class ErrorResponseDto(erroCode: Int, message: String)

@RestControllerAdvice
class GlobalExceptionController {
    @ExceptionHandler(TooManyInvalidLoginRequestException.class)
    fun handleCaseOne(e: TooManyInvalidLoginRequestException): ResponseEntity<ErrorResponseDto> {
        val errorResponseDto = ErrorResponseDto(101, e.getMessage())
        ResponseEntity<>(errorResponseDto, HttpStatus.BAD_REQUEST)
    }

    @ExceptionHandler(SomeOtherException.class)
    fun handleCaseTwo(e: SomeOtherException): ResponseEntity<ErrorResponseDto> {
        val errorResponseDto = ErrorResponseDto(102, e.getMessage())
        ResponseEntity<>(errorResponseDto, HttpStatus.INTERNAL_SERVER_ERROR)
    }
}

这可能有一些 Kotlin 错误，这是从 Java 代码移植而来的。