我可以将一些事件发布到事件发布器,例如成功的客户端身份验证和成功/不成功的用户身份验证。但是当客户端凭据错误时,不会发布任何事件。
以下是日志:
DEBUG::org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter::doFilter::Request is to process authentication
DEBUG::...ClientCredentialsTokenEndpointFilter::unsuccessfulAuthentication::Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials
DEBUG::...ClientCredentialsTokenEndpointFilter::unsuccessfulAuthentication::Updated SecurityContextHolder to contain null Authentication
DEBUG::...ClientCredentialsTokenEndpointFilter::unsuccessfulAuthentication::Delegating to authentication failure handler org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter$1@734b2ca6
DEBUG::org.springframework.security.oauth2.provider.error.DefaultOAuth2ExceptionRenderer::writeWithMessageConverters::Written [error="invalid_client", error_description="Bad client credentials"] as "application/json" using [org.springframework.http.converter.json.MappingJackson2HttpMessageConverter@37536106]
在spring-security-oauth2 的2.0.8-RELEASE中,似乎没有办法在 ClientCredentialsTokenEndpointFilter 中设置自定义故障处理程序(通过 AuthorizationServerConfigurerAdapter)。
此外,添加拦截器似乎并没有起到作用。
或者我只是做错了......
任何人都有运气使用 Spring Boot+OAuth2 捕获所有身份验证事件吗?