Spring boot Instead of custom exception unauthorized is shown [on hold]

Multi tool use
Multi tool use











up vote
0
down vote

favorite












I have a post endpoint to create a user. I want this endpoint to be security free.
I have achieved this in the WebSecurityConfiguration which extends WebSecurityConfigurerAdapter, with 



web.ignoring().antMatchers(HttpMethod.POST, "/v1/user/create");


In my createUser method I have a check that if the username of a to-be-created user exists, then throws a UserAllreadyExistsException.



The problem is that if the username exists, instead of this exception I get the response below



{

    "error": "unauthorized",

    "error_description": "Full authentication is required to access this resource"

}


Note: if I call this endpoint with a token, then I get the exception.



@Configuration

@EnableWebSecurity

@EnableGlobalMethodSecurity

public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {



    @Override

    public void configure(WebSecurity web) throws Exception {

        web.ignoring().antMatchers("/v2/api-docs", "/configuration/ui", "/swagger-resources/**", "/configuration/**", "/swagger-ui.html", "/webjars/**");



        web.ignoring().antMatchers(HttpMethod.POST, "/v1/user/create");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/policies/language/**");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/privacy/language/**");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/packages/**");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/config/configName/**");



    }}







public class OAuth2ResourceServerConfig extends esourceServerConfigurerAdapter {



    @Autowired

    private SigningKeyConfig signingKeyConfig;





    @Override

    public void configure(ResourceServerSecurityConfigurer config) {

        config.tokenServices(tokenServices());

    }



    @Bean

    public TokenStore tokenStore() {

        return new JwtTokenStore(accessTokenConverter());

    }



    @Bean

    public JwtAccessTokenConverter accessTokenConverter() {

        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();

        converter.setSigningKey(signingKeyConfig.getJwtSigningKey());

        return converter;

    }



    @Bean

    @Primary

    public DefaultTokenServices tokenServices() {

        DefaultTokenServices defaultTokenServices = new DefaultTokenServices();

        defaultTokenServices.setTokenStore(tokenStore());

        return defaultTokenServices;

    }

}





spring-boot spring-security







share|improve this question















put on hold as off-topic by dur, snakecharmerb, sideshowbarker, Makyen, GhostCat 17 hours ago


This question appears to be off-topic. The users who voted to close gave this specific reason:


  • "Questions seeking debugging help ("why isn't this code working?") must include the desired behavior, a specific problem or error and the shortest code necessary to reproduce it in the question itself. Questions without a clear problem statement are not useful to other readers. See: How to create a Minimal, Complete, and Verifiable example." – dur, snakecharmerb, sideshowbarker, Makyen, GhostCat

If this question can be reworded to fit the rules in the help center, please edit the question.













  • Are you sure this only happens when the username doesn't exist? This is a typical Spring Security error message. Since those validations usually happen before any business logic is executed, I guess that this is entirely unrelated to the UserAlreadyExistsException you're throwing. You can verify that by trying a username that doesn't exist (should work), or by putting a breakpoint within the createUser() method.
    – g00glen00b
    yesterday












  • It happens when i throw any exception inside this method. If i use a valid token then i get as a response the exception i throw.
    – harrisKoud
    yesterday










  • I also test it with debug, it reaches the point the exception is thrown, but in the response i get the unauthorized. Not the exception.
    – harrisKoud
    yesterday










  • Show your full Spring Security configuration.
    – dur
    yesterday















up vote
0
down vote

favorite












I have a post endpoint to create a user. I want this endpoint to be security free.
I have achieved this in the WebSecurityConfiguration which extends WebSecurityConfigurerAdapter, with 



web.ignoring().antMatchers(HttpMethod.POST, "/v1/user/create");


In my createUser method I have a check that if the username of a to-be-created user exists, then throws a UserAllreadyExistsException.



The problem is that if the username exists, instead of this exception I get the response below



{

    "error": "unauthorized",

    "error_description": "Full authentication is required to access this resource"

}


Note: if I call this endpoint with a token, then I get the exception.



@Configuration

@EnableWebSecurity

@EnableGlobalMethodSecurity

public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {



    @Override

    public void configure(WebSecurity web) throws Exception {

        web.ignoring().antMatchers("/v2/api-docs", "/configuration/ui", "/swagger-resources/**", "/configuration/**", "/swagger-ui.html", "/webjars/**");



        web.ignoring().antMatchers(HttpMethod.POST, "/v1/user/create");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/policies/language/**");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/privacy/language/**");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/packages/**");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/config/configName/**");



    }}







public class OAuth2ResourceServerConfig extends esourceServerConfigurerAdapter {



    @Autowired

    private SigningKeyConfig signingKeyConfig;





    @Override

    public void configure(ResourceServerSecurityConfigurer config) {

        config.tokenServices(tokenServices());

    }



    @Bean

    public TokenStore tokenStore() {

        return new JwtTokenStore(accessTokenConverter());

    }



    @Bean

    public JwtAccessTokenConverter accessTokenConverter() {

        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();

        converter.setSigningKey(signingKeyConfig.getJwtSigningKey());

        return converter;

    }



    @Bean

    @Primary

    public DefaultTokenServices tokenServices() {

        DefaultTokenServices defaultTokenServices = new DefaultTokenServices();

        defaultTokenServices.setTokenStore(tokenStore());

        return defaultTokenServices;

    }

}





spring-boot spring-security







share|improve this question















put on hold as off-topic by dur, snakecharmerb, sideshowbarker, Makyen, GhostCat 17 hours ago


This question appears to be off-topic. The users who voted to close gave this specific reason:


  • "Questions seeking debugging help ("why isn't this code working?") must include the desired behavior, a specific problem or error and the shortest code necessary to reproduce it in the question itself. Questions without a clear problem statement are not useful to other readers. See: How to create a Minimal, Complete, and Verifiable example." – dur, snakecharmerb, sideshowbarker, Makyen, GhostCat

If this question can be reworded to fit the rules in the help center, please edit the question.













  • Are you sure this only happens when the username doesn't exist? This is a typical Spring Security error message. Since those validations usually happen before any business logic is executed, I guess that this is entirely unrelated to the UserAlreadyExistsException you're throwing. You can verify that by trying a username that doesn't exist (should work), or by putting a breakpoint within the createUser() method.
    – g00glen00b
    yesterday












  • It happens when i throw any exception inside this method. If i use a valid token then i get as a response the exception i throw.
    – harrisKoud
    yesterday










  • I also test it with debug, it reaches the point the exception is thrown, but in the response i get the unauthorized. Not the exception.
    – harrisKoud
    yesterday










  • Show your full Spring Security configuration.
    – dur
    yesterday













up vote
0
down vote

favorite









up vote
0
down vote

favorite











I have a post endpoint to create a user. I want this endpoint to be security free.
I have achieved this in the WebSecurityConfiguration which extends WebSecurityConfigurerAdapter, with 



web.ignoring().antMatchers(HttpMethod.POST, "/v1/user/create");


In my createUser method I have a check that if the username of a to-be-created user exists, then throws a UserAllreadyExistsException.



The problem is that if the username exists, instead of this exception I get the response below



{

    "error": "unauthorized",

    "error_description": "Full authentication is required to access this resource"

}


Note: if I call this endpoint with a token, then I get the exception.



@Configuration

@EnableWebSecurity

@EnableGlobalMethodSecurity

public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {



    @Override

    public void configure(WebSecurity web) throws Exception {

        web.ignoring().antMatchers("/v2/api-docs", "/configuration/ui", "/swagger-resources/**", "/configuration/**", "/swagger-ui.html", "/webjars/**");



        web.ignoring().antMatchers(HttpMethod.POST, "/v1/user/create");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/policies/language/**");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/privacy/language/**");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/packages/**");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/config/configName/**");



    }}







public class OAuth2ResourceServerConfig extends esourceServerConfigurerAdapter {



    @Autowired

    private SigningKeyConfig signingKeyConfig;





    @Override

    public void configure(ResourceServerSecurityConfigurer config) {

        config.tokenServices(tokenServices());

    }



    @Bean

    public TokenStore tokenStore() {

        return new JwtTokenStore(accessTokenConverter());

    }



    @Bean

    public JwtAccessTokenConverter accessTokenConverter() {

        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();

        converter.setSigningKey(signingKeyConfig.getJwtSigningKey());

        return converter;

    }



    @Bean

    @Primary

    public DefaultTokenServices tokenServices() {

        DefaultTokenServices defaultTokenServices = new DefaultTokenServices();

        defaultTokenServices.setTokenStore(tokenStore());

        return defaultTokenServices;

    }

}





spring-boot spring-security







share|improve this question















I have a post endpoint to create a user. I want this endpoint to be security free.
I have achieved this in the WebSecurityConfiguration which extends WebSecurityConfigurerAdapter, with 



web.ignoring().antMatchers(HttpMethod.POST, "/v1/user/create");


In my createUser method I have a check that if the username of a to-be-created user exists, then throws a UserAllreadyExistsException.



The problem is that if the username exists, instead of this exception I get the response below



{

    "error": "unauthorized",

    "error_description": "Full authentication is required to access this resource"

}


Note: if I call this endpoint with a token, then I get the exception.



@Configuration

@EnableWebSecurity

@EnableGlobalMethodSecurity

public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {



    @Override

    public void configure(WebSecurity web) throws Exception {

        web.ignoring().antMatchers("/v2/api-docs", "/configuration/ui", "/swagger-resources/**", "/configuration/**", "/swagger-ui.html", "/webjars/**");



        web.ignoring().antMatchers(HttpMethod.POST, "/v1/user/create");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/policies/language/**");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/privacy/language/**");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/packages/**");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/config/configName/**");



    }}







public class OAuth2ResourceServerConfig extends esourceServerConfigurerAdapter {



    @Autowired

    private SigningKeyConfig signingKeyConfig;





    @Override

    public void configure(ResourceServerSecurityConfigurer config) {

        config.tokenServices(tokenServices());

    }



    @Bean

    public TokenStore tokenStore() {

        return new JwtTokenStore(accessTokenConverter());

    }



    @Bean

    public JwtAccessTokenConverter accessTokenConverter() {

        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();

        converter.setSigningKey(signingKeyConfig.getJwtSigningKey());

        return converter;

    }



    @Bean

    @Primary

    public DefaultTokenServices tokenServices() {

        DefaultTokenServices defaultTokenServices = new DefaultTokenServices();

        defaultTokenServices.setTokenStore(tokenStore());

        return defaultTokenServices;

    }

}





spring-boot spring-security




spring-boot spring-security






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited 17 hours ago

























asked yesterday









harrisKoud

194




194




put on hold as off-topic by dur, snakecharmerb, sideshowbarker, Makyen, GhostCat 17 hours ago


This question appears to be off-topic. The users who voted to close gave this specific reason:


  • "Questions seeking debugging help ("why isn't this code working?") must include the desired behavior, a specific problem or error and the shortest code necessary to reproduce it in the question itself. Questions without a clear problem statement are not useful to other readers. See: How to create a Minimal, Complete, and Verifiable example." – dur, snakecharmerb, sideshowbarker, Makyen, GhostCat

If this question can be reworded to fit the rules in the help center, please edit the question.




put on hold as off-topic by dur, snakecharmerb, sideshowbarker, Makyen, GhostCat 17 hours ago


This question appears to be off-topic. The users who voted to close gave this specific reason:


  • "Questions seeking debugging help ("why isn't this code working?") must include the desired behavior, a specific problem or error and the shortest code necessary to reproduce it in the question itself. Questions without a clear problem statement are not useful to other readers. See: How to create a Minimal, Complete, and Verifiable example." – dur, snakecharmerb, sideshowbarker, Makyen, GhostCat

If this question can be reworded to fit the rules in the help center, please edit the question.












  • Are you sure this only happens when the username doesn't exist? This is a typical Spring Security error message. Since those validations usually happen before any business logic is executed, I guess that this is entirely unrelated to the UserAlreadyExistsException you're throwing. You can verify that by trying a username that doesn't exist (should work), or by putting a breakpoint within the createUser() method.
    – g00glen00b
    yesterday












  • It happens when i throw any exception inside this method. If i use a valid token then i get as a response the exception i throw.
    – harrisKoud
    yesterday










  • I also test it with debug, it reaches the point the exception is thrown, but in the response i get the unauthorized. Not the exception.
    – harrisKoud
    yesterday










  • Show your full Spring Security configuration.
    – dur
    yesterday


















  • Are you sure this only happens when the username doesn't exist? This is a typical Spring Security error message. Since those validations usually happen before any business logic is executed, I guess that this is entirely unrelated to the UserAlreadyExistsException you're throwing. You can verify that by trying a username that doesn't exist (should work), or by putting a breakpoint within the createUser() method.
    – g00glen00b
    yesterday












  • It happens when i throw any exception inside this method. If i use a valid token then i get as a response the exception i throw.
    – harrisKoud
    yesterday










  • I also test it with debug, it reaches the point the exception is thrown, but in the response i get the unauthorized. Not the exception.
    – harrisKoud
    yesterday










  • Show your full Spring Security configuration.
    – dur
    yesterday
















Are you sure this only happens when the username doesn't exist? This is a typical Spring Security error message. Since those validations usually happen before any business logic is executed, I guess that this is entirely unrelated to the UserAlreadyExistsException you're throwing. You can verify that by trying a username that doesn't exist (should work), or by putting a breakpoint within the createUser() method.
– g00glen00b
yesterday






Are you sure this only happens when the username doesn't exist? This is a typical Spring Security error message. Since those validations usually happen before any business logic is executed, I guess that this is entirely unrelated to the UserAlreadyExistsException you're throwing. You can verify that by trying a username that doesn't exist (should work), or by putting a breakpoint within the createUser() method.
– g00glen00b
yesterday














It happens when i throw any exception inside this method. If i use a valid token then i get as a response the exception i throw.
– harrisKoud
yesterday




It happens when i throw any exception inside this method. If i use a valid token then i get as a response the exception i throw.
– harrisKoud
yesterday












I also test it with debug, it reaches the point the exception is thrown, but in the response i get the unauthorized. Not the exception.
– harrisKoud
yesterday




I also test it with debug, it reaches the point the exception is thrown, but in the response i get the unauthorized. Not the exception.
– harrisKoud
yesterday












Show your full Spring Security configuration.
– dur
yesterday




Show your full Spring Security configuration.
– dur
yesterday

















active

oldest

votes






















active

oldest

votes













active

oldest

votes









active

oldest

votes






active

oldest

votes

clLR 0INGEY QTNUW 6rgH2N d4H2k73Z2yrAbkrQTfNMsHlZx yfU0W8v8UMe Lciv801h e,vDw
-
LrEFIsjNxyeVdgb7sU,H1XOtAbMJL4T0f,IJmPw,S7 y38ea2xHR,HulLN,JC6Qnx4V,cGhnQqdy1AtJ4e,U x09TNR8 mfB UhCoQf

Popular posts from this blog

404 Error Contact Form 7 ajax form submitting

Image
0 The contact form does not work, and affects loading after one try. The chrome console shows the error message: POST http://example.com/wp-json/contact-form-7/v1/contact-forms/50/feedback 404 (Not Found) send @ jquery.js?ver=1.12.4:4 ajax @ jquery.js?ver=1.12.4:4 wpcf7.submit @ scripts.js?ver=5.0.3:346 (anonymous) @ scripts.js?ver=5.0.3:53 dispatch @ jquery.js?ver=1.12.4:3 r.handle @ jquery.js?ver=1.12.4:3 How to solve this issue? thanks in advance javascript wordpress contact-form-7 share | improve this question edited Jul 17 '18 at 5:39 Kiran Shahi 4,745 3 16 43 ...
Read more

How to resolve this name issue having white space while installing the android Studio.?

Image
1 SDK location should not contain whitespace, as this can cause problems with the NDK tools. It says that the path name should not contain any white spaces. But i cant rename it. There is no any rename option for that folder when right clicked. When i change the folder to which there is not any space, it says that "Target Folder is neither empty nor does it point to an existing SDK Installation." android android-studio sdk android-ndk android-sdk-tools share | improve this question edited Nov 25 '18 at 17:49 Elletlar 1,515 3 15 23 ...
Read more

C# WPF - Problem with Material Design Textbox

Image
1 I'm new to programming and started to make an application for school. For that I use C# WPF and for a good-looking Application i installed Material Design. First i started the Demo of Material Design, where you can see what things you can use etc. with the good to copy. So after a quick view I found a nice TextBox with a border and a Checkbox on top of it. The code to copy was this <StackPanel> <CheckBox x:Name="MaterialDesignOutlinedTextFieldTextBoxEnabledComboBox" IsChecked="True" Margin="32,0,0,8"> Enabled </CheckBox> <TextBox Style="{StaticResource MaterialDesignOutlinedTextFieldTextBox}" Margin="32,0,0,0" VerticalAlignment="Top" Height="100" AcceptsReturn=...
Read more