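Problem description:
On the resource server, any error raised in a controller is converted to invalid_token and returned.
I'm new to spring-security-oauth2 and would appreciate guidance from those more experienced.
Resource server configuration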
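import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

@Configuration
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    // Register the custom handlers for 403 (access denied) and 401 (authentication failure) responses
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        resources
            .accessDeniedHandler(new CustomAccessDeniedHandler())
            .authenticationEntryPoint(new CustomAuthenticationEntryPoint());
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
            // permit annotated URLs
            .authorizeRequests()
            .antMatchers(PermitAllUrlConstant.permitAllUrl("/test")).permitAll() // URLs with open access
            .anyRequest().authenticated().and().httpBasic();
    }

    @Bean
    public BCryptPasswordEncoder bCryptPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }
}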
Property configuration:
## oauth2 resource server configuration items
security.oauth2.resource.user-info-uri=http://127.0.0.1:19086/authority-provider/user-me
security.oauth2.resource.prefer-token-info=false
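Reproducing the problem
The controller has the following two endpoints; the set endpoint deliberately simulates an error.
The normal case looks like this:
Requesting the endpoint that throws an array index out of bounds error, I expected a 500, but the result was as follows (I have a custom OAuth2 error conversion in place here).
Summary
Put simply, errors raised in the controller are all being caught by spring-security-oauth2's exception handling.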