概述
Spring Security 提供了 RequestRejectedHandler 来解决当申请被回绝时候如何解决,在没有进行配置的状况下,默认是应用 DefaultRequestRejectedHandler 间接将异样进行抛出:
throw requestRejectedException;同时也提供了 HttpStatusRequestRejectedHandler 来返回对应的状态码。
定制 RequestRejectedHandler
RequestRejectedHandler 的注入是在 WebSecurity 的 setApplicationContext 当中:
try { this.requestRejectedHandler = applicationContext.getBean(RequestRejectedHandler.class);}catch (NoSuchBeanDefinitionException ex) {}if (this.requestRejectedHandler != null) { filterChainProxy.setRequestRejectedHandler(this.requestRejectedHandler);}在中的定义为:
private RequestRejectedHandler requestRejectedHandler = new DefaultRequestRejectedHandler();咱们只须要笼罩 Bean 定义即可:
@BeanRequestRejectedHandler requestRejectedHandler() { return new CustomizerRequestRejectedHandler();}@Slf4jpublic class CustomizerRequestRejectedHandler implements RequestRejectedHandler { @Override public void handle(HttpServletRequest request, HttpServletResponse response, RequestRejectedException ex) throws IOException, ServletException { log.warn("request uri: {},user-agent: {}", request.getRequestURI(), request.getHeader(HttpHeaders.USER_AGENT)); log.error(ex.getMessage(), ex); response.setStatus(HttpServletResponse.SC_NOT_FOUND); }}参考
spring-5-0-3-requestrejectedexception-the-request-was-rejected-because-the-url
log+request+uri+on+RequestRejectedException
how-to-intercept-a-requestrejectedexception-in-spring
spring-security-request-rejected-exception