Spring boot Instead of custom exception unauthorized is shown [on hold]











up vote
0
down vote

favorite












I have a post endpoint to create a user. I want this endpoint to be security free.
I have achieved this in the WebSecurityConfiguration which extends WebSecurityConfigurerAdapter, with



web.ignoring().antMatchers(HttpMethod.POST, "/v1/user/create");


In my createUser method I have a check that if the username of a to-be-created user exists, then throws a UserAllreadyExistsException.



The problem is that if the username exists, instead of this exception I get the response below



{
"error": "unauthorized",
"error_description": "Full authentication is required to access this resource"
}


Note: if I call this endpoint with a token, then I get the exception.



@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/v2/api-docs", "/configuration/ui", "/swagger-resources/**", "/configuration/**", "/swagger-ui.html", "/webjars/**");

web.ignoring().antMatchers(HttpMethod.POST, "/v1/user/create");
web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/policies/language/**");
web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/privacy/language/**");
web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/packages/**");
web.ignoring().antMatchers(HttpMethod.GET, "/v1/config/configName/**");

}}



public class OAuth2ResourceServerConfig extends esourceServerConfigurerAdapter {

@Autowired
private SigningKeyConfig signingKeyConfig;


@Override
public void configure(ResourceServerSecurityConfigurer config) {
config.tokenServices(tokenServices());
}

@Bean
public TokenStore tokenStore() {
return new JwtTokenStore(accessTokenConverter());
}

@Bean
public JwtAccessTokenConverter accessTokenConverter() {
JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
converter.setSigningKey(signingKeyConfig.getJwtSigningKey());
return converter;
}

@Bean
@Primary
public DefaultTokenServices tokenServices() {
DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
defaultTokenServices.setTokenStore(tokenStore());
return defaultTokenServices;
}
}









share|improve this question















put on hold as off-topic by dur, snakecharmerb, sideshowbarker, Makyen, GhostCat 17 hours ago


This question appears to be off-topic. The users who voted to close gave this specific reason:


  • "Questions seeking debugging help ("why isn't this code working?") must include the desired behavior, a specific problem or error and the shortest code necessary to reproduce it in the question itself. Questions without a clear problem statement are not useful to other readers. See: How to create a Minimal, Complete, and Verifiable example." – dur, snakecharmerb, sideshowbarker, Makyen, GhostCat

If this question can be reworded to fit the rules in the help center, please edit the question.













  • Are you sure this only happens when the username doesn't exist? This is a typical Spring Security error message. Since those validations usually happen before any business logic is executed, I guess that this is entirely unrelated to the UserAlreadyExistsException you're throwing. You can verify that by trying a username that doesn't exist (should work), or by putting a breakpoint within the createUser() method.
    – g00glen00b
    yesterday












  • It happens when i throw any exception inside this method. If i use a valid token then i get as a response the exception i throw.
    – harrisKoud
    yesterday










  • I also test it with debug, it reaches the point the exception is thrown, but in the response i get the unauthorized. Not the exception.
    – harrisKoud
    yesterday










  • Show your full Spring Security configuration.
    – dur
    yesterday















up vote
0
down vote

favorite












I have a post endpoint to create a user. I want this endpoint to be security free.
I have achieved this in the WebSecurityConfiguration which extends WebSecurityConfigurerAdapter, with



web.ignoring().antMatchers(HttpMethod.POST, "/v1/user/create");


In my createUser method I have a check that if the username of a to-be-created user exists, then throws a UserAllreadyExistsException.



The problem is that if the username exists, instead of this exception I get the response below



{
"error": "unauthorized",
"error_description": "Full authentication is required to access this resource"
}


Note: if I call this endpoint with a token, then I get the exception.



@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/v2/api-docs", "/configuration/ui", "/swagger-resources/**", "/configuration/**", "/swagger-ui.html", "/webjars/**");

web.ignoring().antMatchers(HttpMethod.POST, "/v1/user/create");
web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/policies/language/**");
web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/privacy/language/**");
web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/packages/**");
web.ignoring().antMatchers(HttpMethod.GET, "/v1/config/configName/**");

}}



public class OAuth2ResourceServerConfig extends esourceServerConfigurerAdapter {

@Autowired
private SigningKeyConfig signingKeyConfig;


@Override
public void configure(ResourceServerSecurityConfigurer config) {
config.tokenServices(tokenServices());
}

@Bean
public TokenStore tokenStore() {
return new JwtTokenStore(accessTokenConverter());
}

@Bean
public JwtAccessTokenConverter accessTokenConverter() {
JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
converter.setSigningKey(signingKeyConfig.getJwtSigningKey());
return converter;
}

@Bean
@Primary
public DefaultTokenServices tokenServices() {
DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
defaultTokenServices.setTokenStore(tokenStore());
return defaultTokenServices;
}
}









share|improve this question















put on hold as off-topic by dur, snakecharmerb, sideshowbarker, Makyen, GhostCat 17 hours ago


This question appears to be off-topic. The users who voted to close gave this specific reason:


  • "Questions seeking debugging help ("why isn't this code working?") must include the desired behavior, a specific problem or error and the shortest code necessary to reproduce it in the question itself. Questions without a clear problem statement are not useful to other readers. See: How to create a Minimal, Complete, and Verifiable example." – dur, snakecharmerb, sideshowbarker, Makyen, GhostCat

If this question can be reworded to fit the rules in the help center, please edit the question.













  • Are you sure this only happens when the username doesn't exist? This is a typical Spring Security error message. Since those validations usually happen before any business logic is executed, I guess that this is entirely unrelated to the UserAlreadyExistsException you're throwing. You can verify that by trying a username that doesn't exist (should work), or by putting a breakpoint within the createUser() method.
    – g00glen00b
    yesterday












  • It happens when i throw any exception inside this method. If i use a valid token then i get as a response the exception i throw.
    – harrisKoud
    yesterday










  • I also test it with debug, it reaches the point the exception is thrown, but in the response i get the unauthorized. Not the exception.
    – harrisKoud
    yesterday










  • Show your full Spring Security configuration.
    – dur
    yesterday













up vote
0
down vote

favorite









up vote
0
down vote

favorite











I have a post endpoint to create a user. I want this endpoint to be security free.
I have achieved this in the WebSecurityConfiguration which extends WebSecurityConfigurerAdapter, with



web.ignoring().antMatchers(HttpMethod.POST, "/v1/user/create");


In my createUser method I have a check that if the username of a to-be-created user exists, then throws a UserAllreadyExistsException.



The problem is that if the username exists, instead of this exception I get the response below



{
"error": "unauthorized",
"error_description": "Full authentication is required to access this resource"
}


Note: if I call this endpoint with a token, then I get the exception.



@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/v2/api-docs", "/configuration/ui", "/swagger-resources/**", "/configuration/**", "/swagger-ui.html", "/webjars/**");

web.ignoring().antMatchers(HttpMethod.POST, "/v1/user/create");
web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/policies/language/**");
web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/privacy/language/**");
web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/packages/**");
web.ignoring().antMatchers(HttpMethod.GET, "/v1/config/configName/**");

}}



public class OAuth2ResourceServerConfig extends esourceServerConfigurerAdapter {

@Autowired
private SigningKeyConfig signingKeyConfig;


@Override
public void configure(ResourceServerSecurityConfigurer config) {
config.tokenServices(tokenServices());
}

@Bean
public TokenStore tokenStore() {
return new JwtTokenStore(accessTokenConverter());
}

@Bean
public JwtAccessTokenConverter accessTokenConverter() {
JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
converter.setSigningKey(signingKeyConfig.getJwtSigningKey());
return converter;
}

@Bean
@Primary
public DefaultTokenServices tokenServices() {
DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
defaultTokenServices.setTokenStore(tokenStore());
return defaultTokenServices;
}
}









share|improve this question















I have a post endpoint to create a user. I want this endpoint to be security free.
I have achieved this in the WebSecurityConfiguration which extends WebSecurityConfigurerAdapter, with



web.ignoring().antMatchers(HttpMethod.POST, "/v1/user/create");


In my createUser method I have a check that if the username of a to-be-created user exists, then throws a UserAllreadyExistsException.



The problem is that if the username exists, instead of this exception I get the response below



{
"error": "unauthorized",
"error_description": "Full authentication is required to access this resource"
}


Note: if I call this endpoint with a token, then I get the exception.



@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/v2/api-docs", "/configuration/ui", "/swagger-resources/**", "/configuration/**", "/swagger-ui.html", "/webjars/**");

web.ignoring().antMatchers(HttpMethod.POST, "/v1/user/create");
web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/policies/language/**");
web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/privacy/language/**");
web.ignoring().antMatchers(HttpMethod.GET, "/v1/user/packages/**");
web.ignoring().antMatchers(HttpMethod.GET, "/v1/config/configName/**");

}}



public class OAuth2ResourceServerConfig extends esourceServerConfigurerAdapter {

@Autowired
private SigningKeyConfig signingKeyConfig;


@Override
public void configure(ResourceServerSecurityConfigurer config) {
config.tokenServices(tokenServices());
}

@Bean
public TokenStore tokenStore() {
return new JwtTokenStore(accessTokenConverter());
}

@Bean
public JwtAccessTokenConverter accessTokenConverter() {
JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
converter.setSigningKey(signingKeyConfig.getJwtSigningKey());
return converter;
}

@Bean
@Primary
public DefaultTokenServices tokenServices() {
DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
defaultTokenServices.setTokenStore(tokenStore());
return defaultTokenServices;
}
}






spring-boot spring-security






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited 17 hours ago

























asked yesterday









harrisKoud

194




194




put on hold as off-topic by dur, snakecharmerb, sideshowbarker, Makyen, GhostCat 17 hours ago


This question appears to be off-topic. The users who voted to close gave this specific reason:


  • "Questions seeking debugging help ("why isn't this code working?") must include the desired behavior, a specific problem or error and the shortest code necessary to reproduce it in the question itself. Questions without a clear problem statement are not useful to other readers. See: How to create a Minimal, Complete, and Verifiable example." – dur, snakecharmerb, sideshowbarker, Makyen, GhostCat

If this question can be reworded to fit the rules in the help center, please edit the question.




put on hold as off-topic by dur, snakecharmerb, sideshowbarker, Makyen, GhostCat 17 hours ago


This question appears to be off-topic. The users who voted to close gave this specific reason:


  • "Questions seeking debugging help ("why isn't this code working?") must include the desired behavior, a specific problem or error and the shortest code necessary to reproduce it in the question itself. Questions without a clear problem statement are not useful to other readers. See: How to create a Minimal, Complete, and Verifiable example." – dur, snakecharmerb, sideshowbarker, Makyen, GhostCat

If this question can be reworded to fit the rules in the help center, please edit the question.












  • Are you sure this only happens when the username doesn't exist? This is a typical Spring Security error message. Since those validations usually happen before any business logic is executed, I guess that this is entirely unrelated to the UserAlreadyExistsException you're throwing. You can verify that by trying a username that doesn't exist (should work), or by putting a breakpoint within the createUser() method.
    – g00glen00b
    yesterday












  • It happens when i throw any exception inside this method. If i use a valid token then i get as a response the exception i throw.
    – harrisKoud
    yesterday










  • I also test it with debug, it reaches the point the exception is thrown, but in the response i get the unauthorized. Not the exception.
    – harrisKoud
    yesterday










  • Show your full Spring Security configuration.
    – dur
    yesterday


















  • Are you sure this only happens when the username doesn't exist? This is a typical Spring Security error message. Since those validations usually happen before any business logic is executed, I guess that this is entirely unrelated to the UserAlreadyExistsException you're throwing. You can verify that by trying a username that doesn't exist (should work), or by putting a breakpoint within the createUser() method.
    – g00glen00b
    yesterday












  • It happens when i throw any exception inside this method. If i use a valid token then i get as a response the exception i throw.
    – harrisKoud
    yesterday










  • I also test it with debug, it reaches the point the exception is thrown, but in the response i get the unauthorized. Not the exception.
    – harrisKoud
    yesterday










  • Show your full Spring Security configuration.
    – dur
    yesterday
















Are you sure this only happens when the username doesn't exist? This is a typical Spring Security error message. Since those validations usually happen before any business logic is executed, I guess that this is entirely unrelated to the UserAlreadyExistsException you're throwing. You can verify that by trying a username that doesn't exist (should work), or by putting a breakpoint within the createUser() method.
– g00glen00b
yesterday






Are you sure this only happens when the username doesn't exist? This is a typical Spring Security error message. Since those validations usually happen before any business logic is executed, I guess that this is entirely unrelated to the UserAlreadyExistsException you're throwing. You can verify that by trying a username that doesn't exist (should work), or by putting a breakpoint within the createUser() method.
– g00glen00b
yesterday














It happens when i throw any exception inside this method. If i use a valid token then i get as a response the exception i throw.
– harrisKoud
yesterday




It happens when i throw any exception inside this method. If i use a valid token then i get as a response the exception i throw.
– harrisKoud
yesterday












I also test it with debug, it reaches the point the exception is thrown, but in the response i get the unauthorized. Not the exception.
– harrisKoud
yesterday




I also test it with debug, it reaches the point the exception is thrown, but in the response i get the unauthorized. Not the exception.
– harrisKoud
yesterday












Show your full Spring Security configuration.
– dur
yesterday




Show your full Spring Security configuration.
– dur
yesterday

















active

oldest

votes






















active

oldest

votes













active

oldest

votes









active

oldest

votes






active

oldest

votes

Popular posts from this blog

404 Error Contact Form 7 ajax form submitting

How to know if a Active Directory user can login interactively

Refactoring coordinates for Minecraft Pi buildings written in Python