search

Mercateo / spring-security-jwt

JWT support for spring-security
Apache License 2.0
30 stars 16 forks source link

Allow setting a custom AuthenticationFailureHandler #7

Closed mweirauch closed 7 years ago

mweirauch commented 7 years ago

With the following configuration ...

    @Bean
    public JWTSecurityConfig securityConfig() {
        return JWTSecurityConfig.builder() //
               ...
                .addAnonymousPaths("/auth-failure")//
                .setValueAuthenticationFailureHandler(new ForwardAuthenticationFailureHandler(
                        "/auth-failure"))//
               ...
                .build();
    }

... you can e.g. forward to a custom Jersey-Resource, fetch the spring-security AuthenticationException ...

@Path("/auth-failure")
public class AuthFailureResource implements JerseyResource {

    @Context
    private HttpServletRequest request;

    @GET
    @Produces(MediaType.APPLICATION_JSON)
    public void getRoot() {
        final AuthenticationException ae = (AuthenticationException) request.getAttribute(
                WebAttributes.AUTHENTICATION_EXCEPTION);
        throw ae;
    }

}

... and have all exception handling and Response creation in the Jersey layer without having to provide a custom Spring-MVC ErrorController.

coveralls commented 7 years ago

Coverage Status

Coverage decreased (-0.3%) to 92.015% when pulling 9f06e9007553cba3d5875bbd9f61cccea634523a on custom-auth-failure-handler into 3a165cfd85fc08e0095b79d18f04ebf1ee3ba454 on master.