Configure 403 error on spring boot server
I am trying (without success) to configure a 403 exception error in my spring boot application. This app is a rest server that returns a json response. It has a custom AuthenticationProvider that validates the validity of the JWT token. When the token has expired, I would like to return a custom JSON response, not a standard one (which is {"timestamp": 1494852457132, "status": 403, "error": "Forbidden", "message": "Access Denied", " path ":" / api / factory / application "})
Here's the important piece of code:
Security Configuration Class :
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private JwtAuthenticationProvider jwtAuthenticationProvider;
@Autowired
private JwtAuthFilter jwtAuthFilter;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
http.authorizeRequests()
.antMatchers("/v2/api-docs").permitAll()
//.anyRequest().authenticated()
.antMatchers("/application/**").authenticated()
//@JLC:add test in security
.antMatchers("/test/**").permitAll()
.and()
.addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class);
}
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(jwtAuthenticationProvider);
}
}
Filter:
@Component
public class JwtAuthFilter extends GenericFilterBean {
private final Logger log = LoggerFactory.getLogger(this.getClass());
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest servletRequest = (HttpServletRequest) request;
String authorization = servletRequest.getHeader("Authorization");
if (authorization != null) {
JwtAuthToken token = new JwtAuthToken(authorization.replaceAll("Bearer ", ""));
SecurityContextHolder.getContext().setAuthentication(token);
}
chain.doFilter(request, response);
}
@Override
public void destroy() {
}
}
And an authentication provider: . It is in this class (during the call to the jwtService.verify method) where an exception can be thrown if the token has expired.
@Component
public class JwtAuthenticationProvider implements AuthenticationProvider {
private final Logger log = LoggerFactory.getLogger(this.getClass());
private final JwtService jwtService;
@SuppressWarnings("unused")
public JwtAuthenticationProvider() {
this(null);
}
@Autowired
public JwtAuthenticationProvider(JwtService jwtService) {
this.jwtService = jwtService;
}
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
log.info("authenticate ... entering" + authentication.getCredentials());
try {
AuthenticationInfo authentInfo = jwtService.verify((String) authentication.getCredentials());
Authentication profile = new JwtAuthenticatedProfile(authentInfo);
return profile;
} catch (Exception e) {
log.error("Error authenticate", e);
throw new JwtAuthenticationException("Failed to verify token", e);
}
}
@Override
public boolean supports(Class<?> authentication) {
return JwtAuthToken.class.equals(authentication);
}
}
I tried to catch the exception in the filter, but I never enter the catch clause, I also tried to follow the statement in this post Exclude security errors in spring Boot Resource Server , but no success: when an exception is thrown, no code is injected in the onAuthenticationFailure method of the RestAuthenticationFailureHandler class.
Note: The JWT token was generated by another server
No one has answered this question yet
See similar questions:
or similar: