Spring boot Instead of custom exception unauthorized is shown [closed]











up vote
0
down vote

favorite












I have a post endpoint to create a user. I want this endpoint to be security free.
I have achieved this in the WebSecurityConfiguration which extends WebSecurityConfigurerAdapter, with 



web.ignoring().antMatchers(HttpMethod.POST, "/v1/user/create");


In my createUser method I have a check that if the username of a to-be-created user exists, then throws a UserAllreadyExistsException.



The problem is that if the username exists, instead of this exception I get the response below



{

    "error": "unauthorized",

    "error_description": "Full authentication is required to access this resource"

}


Note: if I call this endpoint with a token, then I get the exception.



@Configuration

@EnableWebSecurity

@EnableGlobalMethodSecurity

public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {



    @Override

    public void configure(WebSecurity web) throws Exception {

        web.ignoring().antMatchers("/v2/api-docs", "/configuration/ui", "/swagger-resources/**", "/configuration/**", "/swagger-ui.html", "/webjars/**");



        web.ignoring().antMatchers(HttpMethod.POST, "/v1/user/create");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/policies/language/**");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/privacy/language/**");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/packages/**");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/config/configName/**");



    }}







public class OAuth2ResourceServerConfig extends esourceServerConfigurerAdapter {



    @Autowired

    private SigningKeyConfig signingKeyConfig;





    @Override

    public void configure(ResourceServerSecurityConfigurer config) {

        config.tokenServices(tokenServices());

    }



    @Bean

    public TokenStore tokenStore() {

        return new JwtTokenStore(accessTokenConverter());

    }



    @Bean

    public JwtAccessTokenConverter accessTokenConverter() {

        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();

        converter.setSigningKey(signingKeyConfig.getJwtSigningKey());

        return converter;

    }



    @Bean

    @Primary

    public DefaultTokenServices tokenServices() {

        DefaultTokenServices defaultTokenServices = new DefaultTokenServices();

        defaultTokenServices.setTokenStore(tokenStore());

        return defaultTokenServices;

    }

}


I thought of a workaround, instead of throwing the custom exception, i used the code below



        if (userExists.isPresent()) {

        log.error(UserUtil.USER_EXISTS);

        JSONObject error = new JSONObject();

        error.put("error", UserUtil.USER_EXISTS);

        return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(error.toString());

    }





spring-boot spring-security







share|improve this question















closed as off-topic by dur, snakecharmerb, sideshowbarker, Makyen, GhostCat Nov 20 at 7:52


This question appears to be off-topic. The users who voted to close gave this specific reason:


  • "Questions seeking debugging help ("why isn't this code working?") must include the desired behavior, a specific problem or error and the shortest code necessary to reproduce it in the question itself. Questions without a clear problem statement are not useful to other readers. See: How to create a Minimal, Complete, and Verifiable example." – dur, snakecharmerb, sideshowbarker, Makyen, GhostCat

If this question can be reworded to fit the rules in the help center, please edit the question.













  • Are you sure this only happens when the username doesn't exist? This is a typical Spring Security error message. Since those validations usually happen before any business logic is executed, I guess that this is entirely unrelated to the UserAlreadyExistsException you're throwing. You can verify that by trying a username that doesn't exist (should work), or by putting a breakpoint within the createUser() method.
    – g00glen00b
    Nov 19 at 9:46












  • It happens when i throw any exception inside this method. If i use a valid token then i get as a response the exception i throw.
    – harrisKoud
    Nov 19 at 10:23










  • I also test it with debug, it reaches the point the exception is thrown, but in the response i get the unauthorized. Not the exception.
    – harrisKoud
    Nov 19 at 10:56










  • Show your full Spring Security configuration.
    – dur
    Nov 19 at 19:36















up vote
0
down vote

favorite












I have a post endpoint to create a user. I want this endpoint to be security free.
I have achieved this in the WebSecurityConfiguration which extends WebSecurityConfigurerAdapter, with 



web.ignoring().antMatchers(HttpMethod.POST, "/v1/user/create");


In my createUser method I have a check that if the username of a to-be-created user exists, then throws a UserAllreadyExistsException.



The problem is that if the username exists, instead of this exception I get the response below



{

    "error": "unauthorized",

    "error_description": "Full authentication is required to access this resource"

}


Note: if I call this endpoint with a token, then I get the exception.



@Configuration

@EnableWebSecurity

@EnableGlobalMethodSecurity

public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {



    @Override

    public void configure(WebSecurity web) throws Exception {

        web.ignoring().antMatchers("/v2/api-docs", "/configuration/ui", "/swagger-resources/**", "/configuration/**", "/swagger-ui.html", "/webjars/**");



        web.ignoring().antMatchers(HttpMethod.POST, "/v1/user/create");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/policies/language/**");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/privacy/language/**");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/packages/**");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/config/configName/**");



    }}







public class OAuth2ResourceServerConfig extends esourceServerConfigurerAdapter {



    @Autowired

    private SigningKeyConfig signingKeyConfig;





    @Override

    public void configure(ResourceServerSecurityConfigurer config) {

        config.tokenServices(tokenServices());

    }



    @Bean

    public TokenStore tokenStore() {

        return new JwtTokenStore(accessTokenConverter());

    }



    @Bean

    public JwtAccessTokenConverter accessTokenConverter() {

        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();

        converter.setSigningKey(signingKeyConfig.getJwtSigningKey());

        return converter;

    }



    @Bean

    @Primary

    public DefaultTokenServices tokenServices() {

        DefaultTokenServices defaultTokenServices = new DefaultTokenServices();

        defaultTokenServices.setTokenStore(tokenStore());

        return defaultTokenServices;

    }

}


I thought of a workaround, instead of throwing the custom exception, i used the code below



        if (userExists.isPresent()) {

        log.error(UserUtil.USER_EXISTS);

        JSONObject error = new JSONObject();

        error.put("error", UserUtil.USER_EXISTS);

        return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(error.toString());

    }





spring-boot spring-security







share|improve this question















closed as off-topic by dur, snakecharmerb, sideshowbarker, Makyen, GhostCat Nov 20 at 7:52


This question appears to be off-topic. The users who voted to close gave this specific reason:


  • "Questions seeking debugging help ("why isn't this code working?") must include the desired behavior, a specific problem or error and the shortest code necessary to reproduce it in the question itself. Questions without a clear problem statement are not useful to other readers. See: How to create a Minimal, Complete, and Verifiable example." – dur, snakecharmerb, sideshowbarker, Makyen, GhostCat

If this question can be reworded to fit the rules in the help center, please edit the question.













  • Are you sure this only happens when the username doesn't exist? This is a typical Spring Security error message. Since those validations usually happen before any business logic is executed, I guess that this is entirely unrelated to the UserAlreadyExistsException you're throwing. You can verify that by trying a username that doesn't exist (should work), or by putting a breakpoint within the createUser() method.
    – g00glen00b
    Nov 19 at 9:46












  • It happens when i throw any exception inside this method. If i use a valid token then i get as a response the exception i throw.
    – harrisKoud
    Nov 19 at 10:23










  • I also test it with debug, it reaches the point the exception is thrown, but in the response i get the unauthorized. Not the exception.
    – harrisKoud
    Nov 19 at 10:56










  • Show your full Spring Security configuration.
    – dur
    Nov 19 at 19:36













up vote
0
down vote

favorite









up vote
0
down vote

favorite











I have a post endpoint to create a user. I want this endpoint to be security free.
I have achieved this in the WebSecurityConfiguration which extends WebSecurityConfigurerAdapter, with 



web.ignoring().antMatchers(HttpMethod.POST, "/v1/user/create");


In my createUser method I have a check that if the username of a to-be-created user exists, then throws a UserAllreadyExistsException.



The problem is that if the username exists, instead of this exception I get the response below



{

    "error": "unauthorized",

    "error_description": "Full authentication is required to access this resource"

}


Note: if I call this endpoint with a token, then I get the exception.



@Configuration

@EnableWebSecurity

@EnableGlobalMethodSecurity

public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {



    @Override

    public void configure(WebSecurity web) throws Exception {

        web.ignoring().antMatchers("/v2/api-docs", "/configuration/ui", "/swagger-resources/**", "/configuration/**", "/swagger-ui.html", "/webjars/**");



        web.ignoring().antMatchers(HttpMethod.POST, "/v1/user/create");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/policies/language/**");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/privacy/language/**");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/packages/**");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/config/configName/**");



    }}







public class OAuth2ResourceServerConfig extends esourceServerConfigurerAdapter {



    @Autowired

    private SigningKeyConfig signingKeyConfig;





    @Override

    public void configure(ResourceServerSecurityConfigurer config) {

        config.tokenServices(tokenServices());

    }



    @Bean

    public TokenStore tokenStore() {

        return new JwtTokenStore(accessTokenConverter());

    }



    @Bean

    public JwtAccessTokenConverter accessTokenConverter() {

        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();

        converter.setSigningKey(signingKeyConfig.getJwtSigningKey());

        return converter;

    }



    @Bean

    @Primary

    public DefaultTokenServices tokenServices() {

        DefaultTokenServices defaultTokenServices = new DefaultTokenServices();

        defaultTokenServices.setTokenStore(tokenStore());

        return defaultTokenServices;

    }

}


I thought of a workaround, instead of throwing the custom exception, i used the code below



        if (userExists.isPresent()) {

        log.error(UserUtil.USER_EXISTS);

        JSONObject error = new JSONObject();

        error.put("error", UserUtil.USER_EXISTS);

        return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(error.toString());

    }





spring-boot spring-security







share|improve this question















I have a post endpoint to create a user. I want this endpoint to be security free.
I have achieved this in the WebSecurityConfiguration which extends WebSecurityConfigurerAdapter, with 



web.ignoring().antMatchers(HttpMethod.POST, "/v1/user/create");


In my createUser method I have a check that if the username of a to-be-created user exists, then throws a UserAllreadyExistsException.



The problem is that if the username exists, instead of this exception I get the response below



{

    "error": "unauthorized",

    "error_description": "Full authentication is required to access this resource"

}


Note: if I call this endpoint with a token, then I get the exception.



@Configuration

@EnableWebSecurity

@EnableGlobalMethodSecurity

public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {



    @Override

    public void configure(WebSecurity web) throws Exception {

        web.ignoring().antMatchers("/v2/api-docs", "/configuration/ui", "/swagger-resources/**", "/configuration/**", "/swagger-ui.html", "/webjars/**");



        web.ignoring().antMatchers(HttpMethod.POST, "/v1/user/create");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/policies/language/**");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/privacy/language/**");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/packages/**");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/config/configName/**");



    }}







public class OAuth2ResourceServerConfig extends esourceServerConfigurerAdapter {



    @Autowired

    private SigningKeyConfig signingKeyConfig;





    @Override

    public void configure(ResourceServerSecurityConfigurer config) {

        config.tokenServices(tokenServices());

    }



    @Bean

    public TokenStore tokenStore() {

        return new JwtTokenStore(accessTokenConverter());

    }



    @Bean

    public JwtAccessTokenConverter accessTokenConverter() {

        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();

        converter.setSigningKey(signingKeyConfig.getJwtSigningKey());

        return converter;

    }



    @Bean

    @Primary

    public DefaultTokenServices tokenServices() {

        DefaultTokenServices defaultTokenServices = new DefaultTokenServices();

        defaultTokenServices.setTokenStore(tokenStore());

        return defaultTokenServices;

    }

}


I thought of a workaround, instead of throwing the custom exception, i used the code below



        if (userExists.isPresent()) {

        log.error(UserUtil.USER_EXISTS);

        JSONObject error = new JSONObject();

        error.put("error", UserUtil.USER_EXISTS);

        return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(error.toString());

    }





spring-boot spring-security




spring-boot spring-security






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 21 at 21:24

























asked Nov 19 at 9:17









harrisKoud

194




194




closed as off-topic by dur, snakecharmerb, sideshowbarker, Makyen, GhostCat Nov 20 at 7:52


This question appears to be off-topic. The users who voted to close gave this specific reason:


  • "Questions seeking debugging help ("why isn't this code working?") must include the desired behavior, a specific problem or error and the shortest code necessary to reproduce it in the question itself. Questions without a clear problem statement are not useful to other readers. See: How to create a Minimal, Complete, and Verifiable example." – dur, snakecharmerb, sideshowbarker, Makyen, GhostCat

If this question can be reworded to fit the rules in the help center, please edit the question.




closed as off-topic by dur, snakecharmerb, sideshowbarker, Makyen, GhostCat Nov 20 at 7:52


This question appears to be off-topic. The users who voted to close gave this specific reason:


  • "Questions seeking debugging help ("why isn't this code working?") must include the desired behavior, a specific problem or error and the shortest code necessary to reproduce it in the question itself. Questions without a clear problem statement are not useful to other readers. See: How to create a Minimal, Complete, and Verifiable example." – dur, snakecharmerb, sideshowbarker, Makyen, GhostCat

If this question can be reworded to fit the rules in the help center, please edit the question.












  • Are you sure this only happens when the username doesn't exist? This is a typical Spring Security error message. Since those validations usually happen before any business logic is executed, I guess that this is entirely unrelated to the UserAlreadyExistsException you're throwing. You can verify that by trying a username that doesn't exist (should work), or by putting a breakpoint within the createUser() method.
    – g00glen00b
    Nov 19 at 9:46












  • It happens when i throw any exception inside this method. If i use a valid token then i get as a response the exception i throw.
    – harrisKoud
    Nov 19 at 10:23










  • I also test it with debug, it reaches the point the exception is thrown, but in the response i get the unauthorized. Not the exception.
    – harrisKoud
    Nov 19 at 10:56










  • Show your full Spring Security configuration.
    – dur
    Nov 19 at 19:36


















  • Are you sure this only happens when the username doesn't exist? This is a typical Spring Security error message. Since those validations usually happen before any business logic is executed, I guess that this is entirely unrelated to the UserAlreadyExistsException you're throwing. You can verify that by trying a username that doesn't exist (should work), or by putting a breakpoint within the createUser() method.
    – g00glen00b
    Nov 19 at 9:46












  • It happens when i throw any exception inside this method. If i use a valid token then i get as a response the exception i throw.
    – harrisKoud
    Nov 19 at 10:23










  • I also test it with debug, it reaches the point the exception is thrown, but in the response i get the unauthorized. Not the exception.
    – harrisKoud
    Nov 19 at 10:56










  • Show your full Spring Security configuration.
    – dur
    Nov 19 at 19:36
















Are you sure this only happens when the username doesn't exist? This is a typical Spring Security error message. Since those validations usually happen before any business logic is executed, I guess that this is entirely unrelated to the UserAlreadyExistsException you're throwing. You can verify that by trying a username that doesn't exist (should work), or by putting a breakpoint within the createUser() method.
– g00glen00b
Nov 19 at 9:46






Are you sure this only happens when the username doesn't exist? This is a typical Spring Security error message. Since those validations usually happen before any business logic is executed, I guess that this is entirely unrelated to the UserAlreadyExistsException you're throwing. You can verify that by trying a username that doesn't exist (should work), or by putting a breakpoint within the createUser() method.
– g00glen00b
Nov 19 at 9:46














It happens when i throw any exception inside this method. If i use a valid token then i get as a response the exception i throw.
– harrisKoud
Nov 19 at 10:23




It happens when i throw any exception inside this method. If i use a valid token then i get as a response the exception i throw.
– harrisKoud
Nov 19 at 10:23












I also test it with debug, it reaches the point the exception is thrown, but in the response i get the unauthorized. Not the exception.
– harrisKoud
Nov 19 at 10:56




I also test it with debug, it reaches the point the exception is thrown, but in the response i get the unauthorized. Not the exception.
– harrisKoud
Nov 19 at 10:56












Show your full Spring Security configuration.
– dur
Nov 19 at 19:36




Show your full Spring Security configuration.
– dur
Nov 19 at 19:36

















active

oldest

votes






















active

oldest

votes













active

oldest

votes









active

oldest

votes






active

oldest

votes

-

Popular posts from this blog

Ottavio Pratesi

Image
.mw-parser-output .avviso .mbox-text-div>div,.mw-parser-output .avviso .mbox-text-full-div>div{font-size:90%}.mw-parser-output .avviso .mbox-image div{width:52px}.mw-parser-output .avviso .mbox-text-full-div .hide-when-compact{display:block} Questa voce sull'argomento ciclisti italiani è solo un abbozzo . Contribuisci a migliorarla secondo le convenzioni di Wikipedia. Ottavio Pratesi Nazionalità   Italia Ciclismo Specialità Strada Ritirato 1927 Carriera Squadre di club 1910-1911 Individuale 1912   Alcyon-Dunlop 1913 Globo-Dunlop 1914   Alcyon-Dunlop 1915-1922 Individuale 1923 Lygie 1924 Ostende 1925 Individuale   Modifica dati su Wikidata  · Manuale Ottavio Pratesi (Rosignano Marittimo, 1º gennaio 1889 – Livorno, 3 novembre 1977) è stato un ciclista su strada italiano, professionista tra il 1910 ed il 1925, era soprannominato il "Falco di ...
Read more

Tricia Helfer

Image
Tricia Helfer Tricia Helfer al Comic-Con 2015 Altezza 179 [1]  cm Misure 86-61-89 [1] Taglia 38 [1] (UE) - 8 [1] (US) Scarpe 40 [1] (UE) - 9 [1] (US) Occhi Azzurri [1] Capelli Biondo scuro [1] Modifica dati su Wikidata  · Manuale Tricia Helfer (Donalda, 11 aprile 1974) è una supermodella e attrice canadese, conosciuta principalmente per il suo ruolo di Numero Sei nella serie televisiva Battlestar Galactica . Indice 1 Carriera 2 Filmografia 2.1 Cinema 2.2 Televisione 2.3 Video musicali 2.4 Doppiatrice 2.4.1 Cinema 2.4.2 Televisione 2.4.3 Videogiochi 2.5 Produttrice 2.6 Agenzie 3 Doppiatrici italiane 4 Note 5 Altri progetti 6 Collegamenti esterni Carriera | Di origine inglese, tedesca, norvegese e svedese, nel 1992 Tricia vinse il concorso di "Ford Models Supermodel of the World", organizzato dall'agenzia Ford Models e fu poi assunta dall'agenzia ...
Read more

15 giugno

Image
gennaio  · febbraio  · marzo  · aprile  · maggio  · giugno 2018  · luglio  · agosto  · settembre  · ottobre  · novembre  · dicembre Ve Sa Do Lu Ma Me Gi Ve Sa Do Lu Ma Me Gi Ve Sa Do Lu Ma Me Gi Ve Sa Do Lu Ma Me Gi Ve Sa ← 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 → Il 15 giugno è il 166º giorno del calendario gregoriano (il 167º negli anni bisestili). Mancano 199 giorni alla fine dell'anno. Indice 1 Eventi 2 Nati 3 Morti 4 Feste e ricorrenze 4.1 Civili 4.2 Religiose 5 Altri progetti Eventi | 763 a.C. – Gli Assiri registrano un'eclissi solare 923 – Battaglia di Soissons: re Roberto I di Francia viene ucciso, re Carlo il Semplice viene arrestato dai sostenitori del duca Rodolfo di Borgogna 1094 – Reconquista: Valencia cade nelle mani di El Cid 1215 – Re Giovanni d'Inghilterra appone i...
Read more