♿ (security) token service 解析异常时，响应状态码改为 500，而不是 401

ballcat-projects · Apr 12, 2024 · e012104 · e012104
1 parent 832e2ae
commit e012104
Show file tree

Hide file tree

Showing 3 changed files with 62 additions and 4 deletions.
diff --git a/.../resource/introspection/SpringAuthorizationServerSharedStoredOpaqueTokenIntrospector.java b/.../resource/introspection/SpringAuthorizationServerSharedStoredOpaqueTokenIntrospector.java
@@ -22,6 +22,7 @@
 import java.util.Set;
 
 import lombok.extern.slf4j.Slf4j;
+import org.ballcat.springsecurity.exception.InternalServiceException;
 import org.ballcat.springsecurity.oauth2.userdetails.ClientPrincipal;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.GrantedAuthority;
@@ -61,7 +62,16 @@ public SpringAuthorizationServerSharedStoredOpaqueTokenIntrospector(
 	 */
 	@Override
 	public OAuth2AuthenticatedPrincipal introspect(String accessTokenValue) {
-		OAuth2Authorization authorization = this.authorizationService.findByToken(accessTokenValue, null);
+		OAuth2Authorization authorization;
+		try {
+			authorization = this.authorizationService.findByToken(accessTokenValue, null);
+		}
+		catch (Exception ex) {
+			log.error("An error occurred while attempting to find OAuth2 Authorization by token: {}", accessTokenValue,
+					ex);
+			throw new InternalServiceException(
+					"An error occurred while attempting to find OAuth2 Authorization by token");
+		}
 		if (authorization == null) {
 			if (log.isTraceEnabled()) {
 				log.trace("Did not authenticate token introspection request since token was not found");

diff --git a/...security/src/main/java/org/ballcat/springsecurity/exception/InternalServiceException.java b/...security/src/main/java/org/ballcat/springsecurity/exception/InternalServiceException.java
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2023-2024 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.ballcat.springsecurity.exception;
+
+import org.springframework.security.core.AuthenticationException;
+
+/**
+ * 认证时发生内部服务异常。
+ * <p>
+ *
+ * @see org.springframework.security.authentication.InternalAuthenticationServiceException
+ * @author Hccake
+ * @since 2.0.0
+ */
+public class InternalServiceException extends AuthenticationException {
+
+	public InternalServiceException(String message) {
+		super(message);
+	}
+
+	public InternalServiceException(String message, Throwable cause) {
+		super(message, cause);
+	}
+
+}
diff --git a/...security/src/main/java/org/ballcat/springsecurity/web/CustomAuthenticationEntryPoint.java b/...security/src/main/java/org/ballcat/springsecurity/web/CustomAuthenticationEntryPoint.java
@@ -25,6 +25,7 @@
 import org.ballcat.common.model.result.ApiResult;
 import org.ballcat.common.model.result.SystemResultCode;
 import org.ballcat.common.util.JsonUtils;
+import org.ballcat.springsecurity.exception.InternalServiceException;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.security.core.AuthenticationException;
@@ -43,9 +44,17 @@ public void commence(HttpServletRequest httpServletRequest, HttpServletResponse
 
 		httpServletResponse.setHeader("Content-Type", MediaType.APPLICATION_JSON_UTF8_VALUE);
 		httpServletResponse.setCharacterEncoding(utf8);
-		httpServletResponse.setStatus(HttpStatus.UNAUTHORIZED.value());
-		ApiResult<Object> apiResult = ApiResult.failed(SystemResultCode.UNAUTHORIZED, e.getMessage());
-		httpServletResponse.getWriter().write(JsonUtils.toJson(apiResult));
+
+		if (e instanceof InternalServiceException) {
+			httpServletResponse.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value());
+			ApiResult<Object> r = ApiResult.failed(SystemResultCode.SERVER_ERROR, e.getMessage());
+			httpServletResponse.getWriter().write(JsonUtils.toJson(r));
+		}
+		else {
+			httpServletResponse.setStatus(HttpStatus.UNAUTHORIZED.value());
+			ApiResult<Object> r = ApiResult.failed(SystemResultCode.UNAUTHORIZED, e.getMessage());
+			httpServletResponse.getWriter().write(JsonUtils.toJson(r));
+		}
 	}
 
 }