Spring Security – RequestRejectedException

概述

Spring Security 提供了 RequestRejectedHandler 来处理当请求被拒绝时候如何处理，在没有进行配置的情况下，默认是使用 DefaultRequestRejectedHandler 直接将异常进行抛出：

throw requestRejectedException;

同时也提供了 HttpStatusRequestRejectedHandler 来返回对应的状态码。

定制 RequestRejectedHandler

RequestRejectedHandler 的注入是在 WebSecurity 的 setApplicationContext 当中：

try {
    this.requestRejectedHandler = applicationContext.getBean(RequestRejectedHandler.class);
}
catch (NoSuchBeanDefinitionException ex) {
}

if (this.requestRejectedHandler != null) {
   filterChainProxy.setRequestRejectedHandler(this.requestRejectedHandler);
}

在中的定义为：

private RequestRejectedHandler requestRejectedHandler = new DefaultRequestRejectedHandler();

我们只需要覆盖 Bean 定义即可：

@Bean
RequestRejectedHandler requestRejectedHandler() {
   return new CustomizerRequestRejectedHandler();
}

@Slf4j
public class CustomizerRequestRejectedHandler implements RequestRejectedHandler {
   @Override
   public void handle(HttpServletRequest request, HttpServletResponse response,
   RequestRejectedException ex) throws IOException, ServletException {
      log.warn("request uri: {},user-agent: {}", request.getRequestURI(), request.getHeader(HttpHeaders.USER_AGENT));
      log.error(ex.getMessage(), ex);
      response.setStatus(HttpServletResponse.SC_NOT_FOUND);
   }
}

参考

spring-5-0-3-requestrejectedexception-the-request-was-rejected-because-the-url

log+request+uri+on+RequestRejectedException

how-to-intercept-a-requestrejectedexception-in-spring

spring-security-request-rejected-exception

posted @ 2023-01-05 21:50 codeshaw 阅读(265) 评论(0) 收藏举报

刷新页面返回顶部

codeshaw

Spring Security – RequestRejectedException

概述

定制 RequestRejectedHandler

参考

公告