以往在使用异常时,只是知道通过异常类的构造方法设置一些出错信息,此外最多就是把引起该异常的原因通过Throwable类的子类一同设置进去。今天在分析springSecurity3.0.5的框架时,看到AuthenticationException这个异常类(用在验证时)的源码,发现这个异常类除了上述常见的用法外,还把Authentication(验证信息)的做为属性放到了异常类中,当验证出错时AuthenticationException抛出时,Authentication(验证信息)一同被抛出了,这样捕获异常的类就能得到更丰富的信息,有些数据还可以通过异常类返回给调用者。看了这样的代码,思路不由地开阔了不少。该类源码如下:
1 package org.springframework.security.core;
2
3 /**
4 * Abstract superclass for all exceptions related to an {@link Authentication} object being invalid for whatever
5 * reason.
6 *
7 * @author Ben Alex
8 */
9 public abstract class AuthenticationException extends RuntimeException {
10 //~ Instance fields ================================================================================================
11
12 private Authentication authentication;
13 private Object extraInformation;
14
15 //~ Constructors ===================================================================================================
16
17 /**
18 * Constructs an <code>AuthenticationException</code> with the specified message and root cause.
19 *
20 * @param msg the detail message
21 * @param t the root cause
22 */
23 public AuthenticationException(String msg, Throwable t) {
24 super(msg, t);
25 }
26
27 /**
28 * Constructs an <code>AuthenticationException</code> with the specified message and no root cause.
29 *
30 * @param msg the detail message
31 */
32 public AuthenticationException(String msg) {
33 super(msg);
34 }
35
36 public AuthenticationException(String msg, Object extraInformation) {
37 super(msg);
38 this.extraInformation = extraInformation;
39 }
40
41 //~ Methods ========================================================================================================
42
43 /**
44 * The authentication request which this exception corresponds to (may be <code>null</code>)
45 */
46 public Authentication getAuthentication() {
47 return authentication;
48 }
49
50 public void setAuthentication(Authentication authentication) {
51 this.authentication = authentication;
52 }
53
54 /**
55 * Any additional information about the exception. Generally a <code>UserDetails</code> object.
56 *
57 * @return extra information or <code>null</code>
58 */
59 public Object getExtraInformation() {
60 return extraInformation;
61 }
62
63 public void clearExtraInformation() {
64 this.extraInformation = null;
65 }
66 }
下面是在AbstractAuthenticationManager类中被使用到的片断:
public final Authentication authenticate(Authentication authRequest) throws AuthenticationException {
try {
return doAuthentication(authRequest);
} catch (AuthenticationException e) {
e.setAuthentication(authRequest);
if (clearExtraInformation) {
e.clearExtraInformation();
}
throw e;
}
}
通过上述两段源码可以看到,老外在写代码时考虑得很细,在异常类中加入了额外信息后,还提供了一个 clearExtraInformation()方法,用来清除额外信息。