Spring boot Instead of custom exception unauthorized is shown [on hold]











up vote
0
down vote

favorite












I have a post endpoint to create a user. I want this endpoint to be security free.
I have achieved this in the WebSecurityConfiguration which extends WebSecurityConfigurerAdapter, with 



web.ignoring().antMatchers(HttpMethod.POST, "/v1/user/create");


In my createUser method I have a check that if the username of a to-be-created user exists, then throws a UserAllreadyExistsException.



The problem is that if the username exists, instead of this exception I get the response below



{

    "error": "unauthorized",

    "error_description": "Full authentication is required to access this resource"

}


Note: if I call this endpoint with a token, then I get the exception.



@Configuration

@EnableWebSecurity

@EnableGlobalMethodSecurity

public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {



    @Override

    public void configure(WebSecurity web) throws Exception {

        web.ignoring().antMatchers("/v2/api-docs", "/configuration/ui", "/swagger-resources/**", "/configuration/**", "/swagger-ui.html", "/webjars/**");



        web.ignoring().antMatchers(HttpMethod.POST, "/v1/user/create");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/policies/language/**");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/privacy/language/**");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/packages/**");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/config/configName/**");



    }}







public class OAuth2ResourceServerConfig extends esourceServerConfigurerAdapter {



    @Autowired

    private SigningKeyConfig signingKeyConfig;





    @Override

    public void configure(ResourceServerSecurityConfigurer config) {

        config.tokenServices(tokenServices());

    }



    @Bean

    public TokenStore tokenStore() {

        return new JwtTokenStore(accessTokenConverter());

    }



    @Bean

    public JwtAccessTokenConverter accessTokenConverter() {

        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();

        converter.setSigningKey(signingKeyConfig.getJwtSigningKey());

        return converter;

    }



    @Bean

    @Primary

    public DefaultTokenServices tokenServices() {

        DefaultTokenServices defaultTokenServices = new DefaultTokenServices();

        defaultTokenServices.setTokenStore(tokenStore());

        return defaultTokenServices;

    }

}





spring-boot spring-security







share|improve this question















put on hold as off-topic by dur, snakecharmerb, sideshowbarker, Makyen, GhostCat 17 hours ago


This question appears to be off-topic. The users who voted to close gave this specific reason:


  • "Questions seeking debugging help ("why isn't this code working?") must include the desired behavior, a specific problem or error and the shortest code necessary to reproduce it in the question itself. Questions without a clear problem statement are not useful to other readers. See: How to create a Minimal, Complete, and Verifiable example." – dur, snakecharmerb, sideshowbarker, Makyen, GhostCat

If this question can be reworded to fit the rules in the help center, please edit the question.













  • Are you sure this only happens when the username doesn't exist? This is a typical Spring Security error message. Since those validations usually happen before any business logic is executed, I guess that this is entirely unrelated to the UserAlreadyExistsException you're throwing. You can verify that by trying a username that doesn't exist (should work), or by putting a breakpoint within the createUser() method.
    – g00glen00b
    yesterday












  • It happens when i throw any exception inside this method. If i use a valid token then i get as a response the exception i throw.
    – harrisKoud
    yesterday










  • I also test it with debug, it reaches the point the exception is thrown, but in the response i get the unauthorized. Not the exception.
    – harrisKoud
    yesterday










  • Show your full Spring Security configuration.
    – dur
    yesterday















up vote
0
down vote

favorite












I have a post endpoint to create a user. I want this endpoint to be security free.
I have achieved this in the WebSecurityConfiguration which extends WebSecurityConfigurerAdapter, with 



web.ignoring().antMatchers(HttpMethod.POST, "/v1/user/create");


In my createUser method I have a check that if the username of a to-be-created user exists, then throws a UserAllreadyExistsException.



The problem is that if the username exists, instead of this exception I get the response below



{

    "error": "unauthorized",

    "error_description": "Full authentication is required to access this resource"

}


Note: if I call this endpoint with a token, then I get the exception.



@Configuration

@EnableWebSecurity

@EnableGlobalMethodSecurity

public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {



    @Override

    public void configure(WebSecurity web) throws Exception {

        web.ignoring().antMatchers("/v2/api-docs", "/configuration/ui", "/swagger-resources/**", "/configuration/**", "/swagger-ui.html", "/webjars/**");



        web.ignoring().antMatchers(HttpMethod.POST, "/v1/user/create");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/policies/language/**");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/privacy/language/**");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/packages/**");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/config/configName/**");



    }}







public class OAuth2ResourceServerConfig extends esourceServerConfigurerAdapter {



    @Autowired

    private SigningKeyConfig signingKeyConfig;





    @Override

    public void configure(ResourceServerSecurityConfigurer config) {

        config.tokenServices(tokenServices());

    }



    @Bean

    public TokenStore tokenStore() {

        return new JwtTokenStore(accessTokenConverter());

    }



    @Bean

    public JwtAccessTokenConverter accessTokenConverter() {

        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();

        converter.setSigningKey(signingKeyConfig.getJwtSigningKey());

        return converter;

    }



    @Bean

    @Primary

    public DefaultTokenServices tokenServices() {

        DefaultTokenServices defaultTokenServices = new DefaultTokenServices();

        defaultTokenServices.setTokenStore(tokenStore());

        return defaultTokenServices;

    }

}





spring-boot spring-security







share|improve this question















put on hold as off-topic by dur, snakecharmerb, sideshowbarker, Makyen, GhostCat 17 hours ago


This question appears to be off-topic. The users who voted to close gave this specific reason:


  • "Questions seeking debugging help ("why isn't this code working?") must include the desired behavior, a specific problem or error and the shortest code necessary to reproduce it in the question itself. Questions without a clear problem statement are not useful to other readers. See: How to create a Minimal, Complete, and Verifiable example." – dur, snakecharmerb, sideshowbarker, Makyen, GhostCat

If this question can be reworded to fit the rules in the help center, please edit the question.













  • Are you sure this only happens when the username doesn't exist? This is a typical Spring Security error message. Since those validations usually happen before any business logic is executed, I guess that this is entirely unrelated to the UserAlreadyExistsException you're throwing. You can verify that by trying a username that doesn't exist (should work), or by putting a breakpoint within the createUser() method.
    – g00glen00b
    yesterday












  • It happens when i throw any exception inside this method. If i use a valid token then i get as a response the exception i throw.
    – harrisKoud
    yesterday










  • I also test it with debug, it reaches the point the exception is thrown, but in the response i get the unauthorized. Not the exception.
    – harrisKoud
    yesterday










  • Show your full Spring Security configuration.
    – dur
    yesterday













up vote
0
down vote

favorite









up vote
0
down vote

favorite











I have a post endpoint to create a user. I want this endpoint to be security free.
I have achieved this in the WebSecurityConfiguration which extends WebSecurityConfigurerAdapter, with 



web.ignoring().antMatchers(HttpMethod.POST, "/v1/user/create");


In my createUser method I have a check that if the username of a to-be-created user exists, then throws a UserAllreadyExistsException.



The problem is that if the username exists, instead of this exception I get the response below



{

    "error": "unauthorized",

    "error_description": "Full authentication is required to access this resource"

}


Note: if I call this endpoint with a token, then I get the exception.



@Configuration

@EnableWebSecurity

@EnableGlobalMethodSecurity

public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {



    @Override

    public void configure(WebSecurity web) throws Exception {

        web.ignoring().antMatchers("/v2/api-docs", "/configuration/ui", "/swagger-resources/**", "/configuration/**", "/swagger-ui.html", "/webjars/**");



        web.ignoring().antMatchers(HttpMethod.POST, "/v1/user/create");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/policies/language/**");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/privacy/language/**");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/packages/**");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/config/configName/**");



    }}







public class OAuth2ResourceServerConfig extends esourceServerConfigurerAdapter {



    @Autowired

    private SigningKeyConfig signingKeyConfig;





    @Override

    public void configure(ResourceServerSecurityConfigurer config) {

        config.tokenServices(tokenServices());

    }



    @Bean

    public TokenStore tokenStore() {

        return new JwtTokenStore(accessTokenConverter());

    }



    @Bean

    public JwtAccessTokenConverter accessTokenConverter() {

        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();

        converter.setSigningKey(signingKeyConfig.getJwtSigningKey());

        return converter;

    }



    @Bean

    @Primary

    public DefaultTokenServices tokenServices() {

        DefaultTokenServices defaultTokenServices = new DefaultTokenServices();

        defaultTokenServices.setTokenStore(tokenStore());

        return defaultTokenServices;

    }

}





spring-boot spring-security







share|improve this question















I have a post endpoint to create a user. I want this endpoint to be security free.
I have achieved this in the WebSecurityConfiguration which extends WebSecurityConfigurerAdapter, with 



web.ignoring().antMatchers(HttpMethod.POST, "/v1/user/create");


In my createUser method I have a check that if the username of a to-be-created user exists, then throws a UserAllreadyExistsException.



The problem is that if the username exists, instead of this exception I get the response below



{

    "error": "unauthorized",

    "error_description": "Full authentication is required to access this resource"

}


Note: if I call this endpoint with a token, then I get the exception.



@Configuration

@EnableWebSecurity

@EnableGlobalMethodSecurity

public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {



    @Override

    public void configure(WebSecurity web) throws Exception {

        web.ignoring().antMatchers("/v2/api-docs", "/configuration/ui", "/swagger-resources/**", "/configuration/**", "/swagger-ui.html", "/webjars/**");



        web.ignoring().antMatchers(HttpMethod.POST, "/v1/user/create");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/policies/language/**");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/privacy/language/**");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/packages/**");

        web.ignoring().antMatchers(HttpMethod.GET, "/v1/config/configName/**");



    }}







public class OAuth2ResourceServerConfig extends esourceServerConfigurerAdapter {



    @Autowired

    private SigningKeyConfig signingKeyConfig;





    @Override

    public void configure(ResourceServerSecurityConfigurer config) {

        config.tokenServices(tokenServices());

    }



    @Bean

    public TokenStore tokenStore() {

        return new JwtTokenStore(accessTokenConverter());

    }



    @Bean

    public JwtAccessTokenConverter accessTokenConverter() {

        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();

        converter.setSigningKey(signingKeyConfig.getJwtSigningKey());

        return converter;

    }



    @Bean

    @Primary

    public DefaultTokenServices tokenServices() {

        DefaultTokenServices defaultTokenServices = new DefaultTokenServices();

        defaultTokenServices.setTokenStore(tokenStore());

        return defaultTokenServices;

    }

}





spring-boot spring-security




spring-boot spring-security






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited 17 hours ago

























asked yesterday









harrisKoud

194




194




put on hold as off-topic by dur, snakecharmerb, sideshowbarker, Makyen, GhostCat 17 hours ago


This question appears to be off-topic. The users who voted to close gave this specific reason:


  • "Questions seeking debugging help ("why isn't this code working?") must include the desired behavior, a specific problem or error and the shortest code necessary to reproduce it in the question itself. Questions without a clear problem statement are not useful to other readers. See: How to create a Minimal, Complete, and Verifiable example." – dur, snakecharmerb, sideshowbarker, Makyen, GhostCat

If this question can be reworded to fit the rules in the help center, please edit the question.




put on hold as off-topic by dur, snakecharmerb, sideshowbarker, Makyen, GhostCat 17 hours ago


This question appears to be off-topic. The users who voted to close gave this specific reason:


  • "Questions seeking debugging help ("why isn't this code working?") must include the desired behavior, a specific problem or error and the shortest code necessary to reproduce it in the question itself. Questions without a clear problem statement are not useful to other readers. See: How to create a Minimal, Complete, and Verifiable example." – dur, snakecharmerb, sideshowbarker, Makyen, GhostCat

If this question can be reworded to fit the rules in the help center, please edit the question.












  • Are you sure this only happens when the username doesn't exist? This is a typical Spring Security error message. Since those validations usually happen before any business logic is executed, I guess that this is entirely unrelated to the UserAlreadyExistsException you're throwing. You can verify that by trying a username that doesn't exist (should work), or by putting a breakpoint within the createUser() method.
    – g00glen00b
    yesterday












  • It happens when i throw any exception inside this method. If i use a valid token then i get as a response the exception i throw.
    – harrisKoud
    yesterday










  • I also test it with debug, it reaches the point the exception is thrown, but in the response i get the unauthorized. Not the exception.
    – harrisKoud
    yesterday










  • Show your full Spring Security configuration.
    – dur
    yesterday


















  • Are you sure this only happens when the username doesn't exist? This is a typical Spring Security error message. Since those validations usually happen before any business logic is executed, I guess that this is entirely unrelated to the UserAlreadyExistsException you're throwing. You can verify that by trying a username that doesn't exist (should work), or by putting a breakpoint within the createUser() method.
    – g00glen00b
    yesterday












  • It happens when i throw any exception inside this method. If i use a valid token then i get as a response the exception i throw.
    – harrisKoud
    yesterday










  • I also test it with debug, it reaches the point the exception is thrown, but in the response i get the unauthorized. Not the exception.
    – harrisKoud
    yesterday










  • Show your full Spring Security configuration.
    – dur
    yesterday
















Are you sure this only happens when the username doesn't exist? This is a typical Spring Security error message. Since those validations usually happen before any business logic is executed, I guess that this is entirely unrelated to the UserAlreadyExistsException you're throwing. You can verify that by trying a username that doesn't exist (should work), or by putting a breakpoint within the createUser() method.
– g00glen00b
yesterday






Are you sure this only happens when the username doesn't exist? This is a typical Spring Security error message. Since those validations usually happen before any business logic is executed, I guess that this is entirely unrelated to the UserAlreadyExistsException you're throwing. You can verify that by trying a username that doesn't exist (should work), or by putting a breakpoint within the createUser() method.
– g00glen00b
yesterday














It happens when i throw any exception inside this method. If i use a valid token then i get as a response the exception i throw.
– harrisKoud
yesterday




It happens when i throw any exception inside this method. If i use a valid token then i get as a response the exception i throw.
– harrisKoud
yesterday












I also test it with debug, it reaches the point the exception is thrown, but in the response i get the unauthorized. Not the exception.
– harrisKoud
yesterday




I also test it with debug, it reaches the point the exception is thrown, but in the response i get the unauthorized. Not the exception.
– harrisKoud
yesterday












Show your full Spring Security configuration.
– dur
yesterday




Show your full Spring Security configuration.
– dur
yesterday

















active

oldest

votes






















active

oldest

votes













active

oldest

votes









active

oldest

votes






active

oldest

votes

-

Popular posts from this blog

404 Error Contact Form 7 ajax form submitting

Image
0 The contact form does not work, and affects loading after one try. The chrome console shows the error message: POST http://example.com/wp-json/contact-form-7/v1/contact-forms/50/feedback 404 (Not Found) send @ jquery.js?ver=1.12.4:4 ajax @ jquery.js?ver=1.12.4:4 wpcf7.submit @ scripts.js?ver=5.0.3:346 (anonymous) @ scripts.js?ver=5.0.3:53 dispatch @ jquery.js?ver=1.12.4:3 r.handle @ jquery.js?ver=1.12.4:3 How to solve this issue? thanks in advance javascript wordpress contact-form-7 share | improve this question edited Jul 17 '18 at 5:39 Kiran Shahi 4,745 3 16 43
Read more

How to know if a Active Directory user can login interactively

Image
1 I would like to know if and how is it possible to know if a AD user can login interactively (on a server) in a domain. I need to know if I can find it out using a LDAP search. Thanks. windows active-directory login user-permissions user-profile share | improve this question edited 1 hour ago yagmoth555 ♦ 11.6k 3 17 42 asked 1 hour ago Luigi Luigi 6 1 New contributor
Read more

TypeError: fit_transform() missing 1 required positional argument: 'X'

Image
0 I am trying to do Feature Scaling in a dataset, but I get an error and have no idea how to proceed: > Traceback (most recent call last): > > File "<ipython-input-10-71bea414b4d0>", line 22, in <module> > x_train = sc_X.fit_transform(x_train) > > TypeError: fit_transform() missing 1 required positional argument: 'X' and here is my code: import pandas as pd # Importing the dataset dataset = pd.read_csv('Data.csv') X = dataset.iloc[:, :-1].values y = dataset.iloc[:, 3].values # Taking care of missing data from sklearn.preprocessing import Imputer imputer = Imputer(missing_values="NaN", strategy="mean", axis=0) imputer = Imputer.fit(imputer,X[:,1:3]) X[:, 1:3] = Imputer.transform(imputer,X[
Read more