Closed mweirauch closed 7 years ago
With the following configuration ...
@Bean public JWTSecurityConfig securityConfig() { return JWTSecurityConfig.builder() // ... .addAnonymousPaths("/auth-failure")// .setValueAuthenticationFailureHandler(new ForwardAuthenticationFailureHandler( "/auth-failure"))// ... .build(); }
... you can e.g. forward to a custom Jersey-Resource, fetch the spring-security AuthenticationException ...
AuthenticationException
@Path("/auth-failure") public class AuthFailureResource implements JerseyResource { @Context private HttpServletRequest request; @GET @Produces(MediaType.APPLICATION_JSON) public void getRoot() { final AuthenticationException ae = (AuthenticationException) request.getAttribute( WebAttributes.AUTHENTICATION_EXCEPTION); throw ae; } }
... and have all exception handling and Response creation in the Jersey layer without having to provide a custom Spring-MVC ErrorController.
Response
ErrorController
Coverage decreased (-0.3%) to 92.015% when pulling 9f06e9007553cba3d5875bbd9f61cccea634523a on custom-auth-failure-handler into 3a165cfd85fc08e0095b79d18f04ebf1ee3ba454 on master.
With the following configuration ...
... you can e.g. forward to a custom Jersey-Resource, fetch the spring-security
AuthenticationException
...... and have all exception handling and
Response
creation in the Jersey layer without having to provide a custom Spring-MVCErrorController
.