disable错误消息:accessdeniedexception:拒绝访问

rqqzpn5f  于 2021-07-23  发布在  Java
关注(0)|答案(1)|浏览(365)

我使用此自定义错误处理程序:

@Component
public class OAuth2AuthenticationEntryPoint implements AuthenticationEntryPoint {

    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response,
                         AuthenticationException ex) throws IOException {

        ErrorDetail errorDetail = ErrorDetail.AUTHENTICATION_ERROR;

        ErrorResponse errorEntry = new ErrorResponse();
        errorEntry.setTitle(errorDetail.getTitle());
        errorEntry.setCode(errorDetail.getErrorCode());
        HttpStatus httpStatus = ErrorDetail.getHttpStatusBasedOnErrorCode(errorDetail.getErrorCode());
        errorEntry.setStatus(httpStatus.value());
        errorEntry.setDetail(ex.getMessage());
        Map<String, String> extra = new HashMap<String, String>();
        extra.put("detail", ex.getMessage());
        errorEntry.setExtra(extra);

        ErrorResponseDTO errorResponse = new ErrorResponseDTO();
        errorResponse.setErrors(Arrays.asList(errorEntry));

        response.setStatus(errorDetail.getHttpStatus().value());
        String json = new ObjectMapper().setDefaultPropertyInclusion(JsonInclude.Include.NON_NULL).writeValueAsString(errorResponse);
        response.getWriter().write(json);
        response.flushBuffer();
    }
}

我得到的错误响应应该是:

{"errors":[{"status":404,"code":"1000","title":"Authentication error","detail":"Full authentication is required to access this resource","extra":{"detail":"Full authentication is required to access this resource"}}]}

但我在服务器日志中发现以下错误:

21:34:30.498 [http-nio-8090-exec-7] DEBUG AffirmativeBased[decide:66] - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@33252ffb, returned: -1
21:34:30.498 [http-nio-8090-exec-7] DEBUG ExceptionTranslationFilter[handleSpringSecurityException:180] - Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
        at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84)
        at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233)
        at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:123)
        at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:118)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)

你知道每次我得到authenticationexception时如何抑制或禁用此错误吗?

xxe27gdn

xxe27gdn1#

这是一个 DEBUG 用于开发目的的级别日志,这是可以的。在生产级别上,日志级别不应低于 WARN 因此这些异常将不会被记录,这不是一个问题。
如果仍然坚持要修改行为,spring允许在类上设置日志级别,或者使用 OFF . 我发现关闭它是不鼓励的,因为您可能会错过更严重的日志,因此异常也可以记录在不同的级别上。
打开 application.properties 写下其中一个:
禁用所有日志: org.springframework.security.access.AccessDeniedException=OFF 至少 ERROR 级别: org.springframework.security.access.AccessDeniedException=ERROR 至少 WARN 级别: org.springframework.security.access.AccessDeniedException=WARN

相关问题