java Vert。x身份验证缺少权限将产生500而不是403
我正在用Java实现我的AuthHandler,它与添加到每个路由的正常权限一起工作。它工作得很好-它可以检测用户是否未通过必填字段,并可以告诉用户是否允许访问路由。但如果我试图进入一条基于失踪的权威的禁止路线。x响应为500-内部服务器错误,而不是403-禁止
为什么会这样?我该如何修复它
下面是一些可能会有所帮助的代码片段
// MyUserImpl
@Override
protected void doIsPermitted(String authority, Handler<AsyncResult<Boolean>> resultHandler) {
//TODO: make call to token to check permissions using crn and iamtoken
if (this.token.contains(authority)) {
resultHandler.handle(Future.succeededFuture(true));
} else {
log.info("User is not authorized", token, authority);
resultHandler.handle(Future.failedFuture(new AuthorizationException(authority)));
}
}
// MyAuthProviderImpl
@Override
public void authenticate(JsonObject authInfo, Handler<AsyncResult<User>> resultHandler) {
String token = authInfo.getString("iamToken");
if (this.validate(token)) {
resultHandler.handle(Future.succeededFuture(new TaskUserImpl(token)));
} else {
log.info("User cannot be authenticated", token);
resultHandler.handle(Future.failedFuture(new AuthenticationException()));
}
}
// MyAuthHandlerImpl
public void parseCredentials(RoutingContext ctx, Handler<AsyncResult<JsonObject>> handler) {
this.parseAuthorization(ctx, false, parseAuthorization -> {
if (parseAuthorization.failed()) {
log.info("No Auth token was provided");
handler.handle(Future.failedFuture(parseAuthorization.cause()));
final String token = parseAuthorization.result();
handler.handle(Future.succeededFuture(
new JsonObject()
.put("iamToken", iamToken)
));
});
}
共 (0) 个答案