How do I add a custom OAuth2AuthorizationFailureHandler to DefaultOAuth2AuthorizedClientManager?

ewm0tg9j, posted 2021-07-13 in Java
Follow (0) | Answers (1) | Views (311)

I'm using Spring Security and I'm trying to add my own OAuth2AuthorizationFailureHandler to the DefaultOAuth2AuthorizedClientManager, but I can't find a way to do it. It doesn't appear to be a bean; it appears to be instantiated in OAuth2ClientConfiguration.OAuth2ClientWebMvcSecurityConfiguration.addArgumentResolvers().
This GitHub issue looks like it should let me do this, but I still don't see how: https://github.com/spring-projects/spring-security/issues/7583
I looked at the files in https://github.com/spring-projects/spring-security/commit/2dd40c7de5de72b8f18a51c490d640619c5a6301 and I'm still stumped.
The reason I want to add the failure handler is that I want to handle the OAuth2AuthorizationException thrown by RefreshTokenOAuth2AuthorizedClientProvider.authorize() when the refresh token has expired. Specifically, when the refresh token has expired I want to respond with HTTP 403 instead of HTTP 500.

rks48beu (answer #1)

I know how to customize the DefaultOAuth2AuthorizedClientManager failure handler, but it doesn't actually accomplish my end goal, which is to gracefully handle the OAuth2AuthorizationException that RegisteredOAuth2ClientArgumentResolver throws when it tries to retrieve a new access token from the auth server using an expired refresh token.
To handle the OAuth2AuthorizationException, create a @ControllerAdvice class with a method annotated @ExceptionHandler(OAuth2AuthorizationException.class) that does whatever you want. Here's what I did:

import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.ExceptionHandler;

@ControllerAdvice
public class GlobalControllerAdvice {

  /**
   * spring-security-oauth2 automatically refreshes the access token while resolving
   * {@code @RegisteredOAuth2AuthorizedClient}-annotated parameters to @RequestMapping methods.  When it
   * fails to refresh an OAuth2 access token because the refresh token is expired,
   * RefreshTokenOAuth2AuthorizedClientProvider.authorize() throws an OAuth2AuthorizationException.
   * If we didn't handle it here, we'd respond with a HTTP 500, and that's no good.  Instead, we
   * respond with HTTP 403 so that the UI can log itself out.
   */
  @ExceptionHandler(OAuth2AuthorizationException.class)
  ResponseEntity<?> handleHttpStatusCodeException(OAuth2AuthorizationException e) {
    // No body: the client only needs the status to know its session is gone.
    return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
  }

}

If for some reason you want to customize the DefaultOAuth2AuthorizedClientManager failure handler, you'll probably need to create a brand new OAuth2AuthorizedClientTargetResolver bean (as shown below) and register it via WebMvcConfigurer (not shown below):

import java.util.Map;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.OAuth2AuthorizationFailureHandler;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.client.web.method.annotation.OAuth2AuthorizedClientArgumentResolver;
import org.springframework.security.oauth2.core.OAuth2AuthorizationException;

@Configuration
public class OAuth2ClientBeans {

  // Argument resolver wired to our own manager instead of the one Spring builds internally.
  @Bean
  @Order(0)
  public OAuth2AuthorizedClientArgumentResolver oAuth2AuthorizedClientArgumentResolver(OAuth2AuthorizedClientManager oAuth2AuthorizedClientManager) {
    final OAuth2AuthorizedClientArgumentResolver oAuth2AuthorizedClientArgumentResolver = new OAuth2AuthorizedClientArgumentResolver(oAuth2AuthorizedClientManager);
    return oAuth2AuthorizedClientArgumentResolver;
  }

  @Bean
  public OAuth2AuthorizedClientManager oAuth2AuthorizedClientManager(ClientRegistrationRepository clientRegistrationRepository, OAuth2AuthorizedClientRepository authorizedClientRepository) {
    final DefaultOAuth2AuthorizedClientManager authorizedClientManager = new DefaultOAuth2AuthorizedClientManager(
        clientRegistrationRepository, authorizedClientRepository);

    // Replaces the manager's default failure handler; the exception is still rethrown afterwards.
    authorizedClientManager.setAuthorizationFailureHandler(new OAuth2AuthorizationFailureHandler() {
      @Override
      public void onAuthorizationFailure(OAuth2AuthorizationException e,
          Authentication authentication, Map<String, Object> map) {
        // Handle auth failure here
      }
    });

    return authorizedClientManager;
  }
}
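One caveat worth knowing when you replace the handler as above: DefaultOAuth2AuthorizedClientManager's default handler is a RemoveAuthorizedClientOAuth2AuthorizationFailureHandler that evicts the stored OAuth2AuthorizedClient when the authorization server reports errors such as invalid_grant, so a dead refresh token is not retried on every request. An empty custom handler silently loses that clean-up. The class below is an added example, not code from the answer or from Spring Security; it keeps the default eviction by delegating to the same handler the manager would have installed and adds an audit log line for expired or revoked refresh tokens. It assumes Spring Security 5.x with the javax.servlet API and the commons-logging facade that Spring ships; the class and logger names are hypothetical.

```java
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.ClientAuthorizationException;
import org.springframework.security.oauth2.client.OAuth2AuthorizationFailureHandler;
import org.springframework.security.oauth2.client.RemoveAuthorizedClientOAuth2AuthorizationFailureHandler;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
import org.springframework.security.oauth2.core.OAuth2ErrorCodes;

/** Hypothetical failure handler that audits refresh failures but keeps the default eviction. */
public class AuditingAuthorizationFailureHandler implements OAuth2AuthorizationFailureHandler {

  private static final Log LOG = LogFactory.getLog(AuditingAuthorizationFailureHandler.class);

  private final OAuth2AuthorizationFailureHandler removeAuthorizedClient;

  public AuditingAuthorizationFailureHandler(OAuth2AuthorizedClientRepository authorizedClientRepository) {
    // Same delegate DefaultOAuth2AuthorizedClientManager installs when no handler is set:
    // it pulls the current request/response out of the attributes map and removes the client.
    this.removeAuthorizedClient = new RemoveAuthorizedClientOAuth2AuthorizationFailureHandler(
        (clientRegistrationId, principal, attributes) -> authorizedClientRepository.removeAuthorizedClient(
            clientRegistrationId, principal,
            (HttpServletRequest) attributes.get(HttpServletRequest.class.getName()),
            (HttpServletResponse) attributes.get(HttpServletResponse.class.getName())));
  }

  @Override
  public void onAuthorizationFailure(OAuth2AuthorizationException e, Authentication principal,
      Map<String, Object> attributes) {
    String errorCode = e.getError().getErrorCode();
    // The refresh-token provider wraps failures in ClientAuthorizationException, which carries the registration id.
    String registrationId = e instanceof ClientAuthorizationException
        ? ((ClientAuthorizationException) e).getClientRegistrationId() : "unknown";
    if (OAuth2ErrorCodes.INVALID_GRANT.equals(errorCode)) {
      // invalid_grant on a refresh is the "refresh token expired or revoked" case from the question.
      LOG.info("Refresh token rejected for user=" + principal.getName()
          + " registration=" + registrationId + "; evicting authorized client");
    }
    // Always delegate so the stale OAuth2AuthorizedClient is evicted exactly as before.
    removeAuthorizedClient.onAuthorizationFailure(e, principal, attributes);
  }
}
```

Install it with authorizedClientManager.setAuthorizationFailureHandler(new AuditingAuthorizationFailureHandler(authorizedClientRepository)) in the manager bean above; the manager still rethrows the exception, so the @ControllerAdvice remains the place that turns it into a 403.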
