diff --git a/security/ballcat-spring-security-oauth2-resource-server/src/main/java/org/ballcat/springsecurity/oauth2/server/resource/introspection/SpringAuthorizationServerSharedStoredOpaqueTokenIntrospector.java b/security/ballcat-spring-security-oauth2-resource-server/src/main/java/org/ballcat/springsecurity/oauth2/server/resource/introspection/SpringAuthorizationServerSharedStoredOpaqueTokenIntrospector.java
index c86fdb537..8a995e4c2 100644
--- a/security/ballcat-spring-security-oauth2-resource-server/src/main/java/org/ballcat/springsecurity/oauth2/server/resource/introspection/SpringAuthorizationServerSharedStoredOpaqueTokenIntrospector.java
+++ b/security/ballcat-spring-security-oauth2-resource-server/src/main/java/org/ballcat/springsecurity/oauth2/server/resource/introspection/SpringAuthorizationServerSharedStoredOpaqueTokenIntrospector.java
@@ -22,6 +22,7 @@
 import java.util.Set;
 import lombok.extern.slf4j.Slf4j;
+import org.ballcat.springsecurity.exception.InternalServiceException;
 import org.ballcat.springsecurity.oauth2.userdetails.ClientPrincipal;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.GrantedAuthority;
@@ -61,7 +62,16 @@ public SpringAuthorizationServerSharedStoredOpaqueTokenIntrospector(
 */
 @Override
 public OAuth2AuthenticatedPrincipal introspect(String accessTokenValue) {
- OAuth2Authorization authorization = this.authorizationService.findByToken(accessTokenValue, null);
+ OAuth2Authorization authorization;
+ try {
+ authorization = this.authorizationService.findByToken(accessTokenValue, null);
+ }
+ catch (Exception ex) {
+ log.error("An error occurred while attempting to find OAuth2 Authorization by token: {}", accessTokenValue,
+ ex);
+ throw new InternalServiceException(
+ "An error occurred while attempting to find OAuth2 Authorization by token");
+ }
 if (authorization == null) {
 if (log.isTraceEnabled()) {
 log.trace("Did not authenticate token introspection request since token was not found");
diff --git a/security/ballcat-spring-security/src/main/java/org/ballcat/springsecurity/exception/InternalServiceException.java b/security/ballcat-spring-security/src/main/java/org/ballcat/springsecurity/exception/InternalServiceException.java
new file mode 100644
index 000000000..984706450
--- /dev/null
+++ b/security/ballcat-spring-security/src/main/java/org/ballcat/springsecurity/exception/InternalServiceException.java
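Review bot: The new `log.error` call in the catch block of `introspect` writes the raw bearer token (`accessTokenValue`) into the application log, so anyone with read access to the logs could reuse it while it is still valid; log the failure without the token, e.g. `log.error("An error occurred while attempting to find OAuth2 Authorization by token", ex);`. The rethrow also drops the cause even though this commit adds a `(String, Throwable)` constructor; `throw new InternalServiceException("An error occurred while attempting to find OAuth2 Authorization by token", ex);` keeps the original failure attached. `catch (Exception ex)` would also turn any `AuthenticationException` raised inside `findByToken` into this internal-error type, which may or may not be intended. The body of `introspect` continues past the end of this hunk.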
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2023-2024 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.ballcat.springsecurity.exception;
+
+import org.springframework.security.core.AuthenticationException;
+
+/**
+ * 认证时发生内部服务异常。
+ *

+ *
+ * @see org.springframework.security.authentication.InternalAuthenticationServiceException
+ * @author Hccake
+ * @since 2.0.0
+ */
+public class InternalServiceException extends AuthenticationException {
+
+ public InternalServiceException(String message) {
+ super(message);
+ }
+
+ public InternalServiceException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+}
diff --git a/security/ballcat-spring-security/src/main/java/org/ballcat/springsecurity/web/CustomAuthenticationEntryPoint.java b/security/ballcat-spring-security/src/main/java/org/ballcat/springsecurity/web/CustomAuthenticationEntryPoint.java
index 64c317777..10e0aabae 100644
--- a/security/ballcat-spring-security/src/main/java/org/ballcat/springsecurity/web/CustomAuthenticationEntryPoint.java
+++ b/security/ballcat-spring-security/src/main/java/org/ballcat/springsecurity/web/CustomAuthenticationEntryPoint.java
@@ -25,6 +25,7 @@
 import org.ballcat.common.model.result.ApiResult;
 import org.ballcat.common.model.result.SystemResultCode;
 import org.ballcat.common.util.JsonUtils;
+import org.ballcat.springsecurity.exception.InternalServiceException;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.security.core.AuthenticationException;
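Review bot: `InternalServiceException` extends `AuthenticationException` directly, whereas the class named in its `@see` tag belongs to Spring Security's `AuthenticationServiceException` family, which the framework uses to mark a failure of the authentication infrastructure rather than a bad credential. Code that tests for `AuthenticationServiceException` would therefore treat this type as an ordinary authentication failure. If that is deliberate, the Javadoc should say so and state that `CustomAuthenticationEntryPoint` maps the type to HTTP 500; otherwise consider `extends AuthenticationServiceException`, which offers the same two constructors.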
@@ -43,9 +44,17 @@ public void commence(HttpServletRequest httpServletRequest, HttpServletResponse
 httpServletResponse.setHeader("Content-Type", MediaType.APPLICATION_JSON_UTF8_VALUE);
 httpServletResponse.setCharacterEncoding(utf8);
- httpServletResponse.setStatus(HttpStatus.UNAUTHORIZED.value());
- ApiResult apiResult = ApiResult.failed(SystemResultCode.UNAUTHORIZED, e.getMessage());
- httpServletResponse.getWriter().write(JsonUtils.toJson(apiResult));
+
+ if (e instanceof InternalServiceException) {
+ httpServletResponse.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value());
+ ApiResult r = ApiResult.failed(SystemResultCode.SERVER_ERROR, e.getMessage());
+ httpServletResponse.getWriter().write(JsonUtils.toJson(r));
+ }
+ else {
+ httpServletResponse.setStatus(HttpStatus.UNAUTHORIZED.value());
+ ApiResult r = ApiResult.failed(SystemResultCode.UNAUTHORIZED, e.getMessage());
+ httpServletResponse.getWriter().write(JsonUtils.toJson(r));
+ }
 }
 }
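Review bot: The new 500 branch in `commence` still sends `e.getMessage()` to a caller who has not authenticated, so whatever text a thrower puts into an `InternalServiceException` is disclosed in the response body; the two-argument constructor makes it easy to wrap a backend error whose details end up there. The message thrown in this commit is generic, but the entry point should not depend on that. Return a fixed string in that branch, e.g. `ApiResult r = ApiResult.failed(SystemResultCode.SERVER_ERROR, "Internal authentication service error");`, and keep the detail in the server log. The two branches otherwise differ only in status and result code, so choosing those two values first and writing the response once would remove the duplicated `getWriter().write(...)` lines. `commence` begins above this hunk.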