Although this seems like an easy task, the opposite is true. I am trying to configure error handling for OAuth2 client authentication requests. The purpose is to remove the stack trace / exception message from the response.
Context
- vanilla Spring Security OAuth2
- Java-based Spring configuration
Steps taken to complete the task
- Create a custom implementation of OAuth2ExceptionRenderer
- Create an OAuth2AuthenticationEntryPoint @Bean:

```java
@Bean
public OAuth2AuthenticationEntryPoint clientAuthEntryPoint() {
    OAuth2AuthenticationEntryPoint clientEntryPoint = new OAuth2AuthenticationEntryPoint();
    // Challenge with HTTP Basic for the client-authentication step
    clientEntryPoint.setTypeName("Basic");
    clientEntryPoint.setRealmName("my-realm/client");
    // Render errors through the custom renderer instead of DefaultOAuth2ExceptionRenderer
    clientEntryPoint.setExceptionRenderer(new CustomOAuth2ExceptionRenderer());
    return clientEntryPoint;
}
```
- Create an access-denied handler:

```java
@Bean
public OAuth2AccessDeniedHandler accessDeniedHandler() {
    OAuth2AccessDeniedHandler adh = new OAuth2AccessDeniedHandler();
    // Same renderer, so 403 responses are also stripped of exception details
    adh.setExceptionRenderer(new CustomOAuth2ExceptionRenderer());
    return adh;
}
```
- Wire these specialized implementations, among other things, into AuthorizationServerSecurityConfigurer in AuthorizationServerConfiguration:

```java
@Configuration
@EnableAuthorizationServer
protected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

    // The two beans defined above, injected here because a static nested class
    // cannot call the enclosing configuration's @Bean methods directly
    @Autowired
    private OAuth2AuthenticationEntryPoint clientAuthEntryPoint;

    @Autowired
    private OAuth2AccessDeniedHandler accessDeniedHandler;

    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        oauthServer.authenticationEntryPoint(clientAuthEntryPoint);
        oauthServer.accessDeniedHandler(accessDeniedHandler);
        oauthServer.realm("my-realm");
    }
}
```
OAuth2 Request
We use curl to initiate OAuth2 requests. Here is the command we use to authenticate the client:

```bash
curl --insecure -H "Accept: application/json" -X POST -iu adfadsf:asdvadfgadf "https://localhost:8430/oauth/token?grant_type=password&username=john&password=johny"
```
Observed behavior
Because client authentication is HTTP Basic authentication, Spring Security assigns BasicAuthenticationFilter to this step. If a backend error occurs during this step (for example, an SQL exception), Spring Security does not reach the OAuth2AuthenticationEntryPoint and falls back to the default entry point, BasicAuthenticationEntryPoint.
Logs

```
o.s.s.authentication.ProviderManager : Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
o.s.s.w.a.www.BasicAuthenticationFilter : Authentication request for failed: org.springframework.security.authentication.InternalAuthenticationServiceException: show me the money
s.w.a.DelegatingAuthenticationEntryPoint : Trying to match using RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]
s.w.a.DelegatingAuthenticationEntryPoint : No match found. Using default entry point org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint@649f92da
s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
```
java spring-security spring-security-oauth2 oauth
nucatus
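The custom OAuth2ExceptionRenderer that the steps above refer to is not shown in the question. As an added example (my code, not nucatus's and not part of Spring Security OAuth2), here is one way to write it: it keeps the HTTP status, the headers and the OAuth2 error code that the entry point or access-denied handler already computed, but replaces error_description with a fixed text per error code, so an exception message such as the "show me the money" seen in the logs never reaches the client. The package name and the description texts are assumptions; the interface method and the OAuth2Exception accessors are the library's own.

```java
package com.example.oauth; // assumed package name

import java.io.PrintWriter;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import javax.servlet.http.HttpServletResponse;

import org.springframework.http.HttpEntity;
import org.springframework.http.ResponseEntity;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.security.oauth2.provider.error.OAuth2ExceptionRenderer;
import org.springframework.web.context.request.ServletWebRequest;

/**
 * Renders OAuth2 error responses without echoing exception messages or stack traces.
 * The entry point / access-denied handler passes a ResponseEntity<OAuth2Exception>
 * (status, headers and the translated exception). We keep the status, the headers
 * (including the WWW-Authenticate challenge) and the RFC 6749 error code, and emit a
 * fixed, non-sensitive error_description instead of the exception's getMessage().
 */
public class CustomOAuth2ExceptionRenderer implements OAuth2ExceptionRenderer {

    // Fixed descriptions per error code (wording is an assumption made for this example)
    private static final Map<String, String> SAFE_DESCRIPTIONS;
    static {
        Map<String, String> m = new HashMap<String, String>();
        m.put("invalid_client", "Client authentication failed.");
        m.put("invalid_grant", "The supplied credentials are not valid.");
        m.put("unauthorized", "Full authentication is required to access this resource.");
        m.put("invalid_token", "The access token is invalid or has expired.");
        m.put("access_denied", "Access to this resource is denied.");
        m.put("server_error", "The request could not be processed.");
        SAFE_DESCRIPTIONS = Collections.unmodifiableMap(m);
    }

    @Override
    public void handleHttpEntityResponse(HttpEntity<?> responseEntity, ServletWebRequest webRequest) throws Exception {
        if (responseEntity == null) {
            return;
        }
        HttpServletResponse response = webRequest.getResponse();

        // Status as computed by the exception translator (401, 403, 400, 500, ...)
        int status = HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
        if (responseEntity instanceof ResponseEntity) {
            status = ((ResponseEntity<?>) responseEntity).getStatusCode().value();
        }

        // Copy the headers the entry point prepared, e.g. WWW-Authenticate with the realm
        for (Map.Entry<String, List<String>> header : responseEntity.getHeaders().entrySet()) {
            for (String value : header.getValue()) {
                response.addHeader(header.getKey(), value);
            }
        }

        response.setStatus(status);
        response.setContentType("application/json;charset=UTF-8");
        response.setHeader("Cache-Control", "no-store");
        response.setHeader("Pragma", "no-cache");

        PrintWriter writer = response.getWriter();
        writer.write(toJson(errorCode(responseEntity.getBody(), status)));
        writer.flush();
    }

    /** Picks the OAuth2 error code; a body that is not an OAuth2Exception gets a generic code. */
    static String errorCode(Object body, int status) {
        if (body instanceof OAuth2Exception) {
            return ((OAuth2Exception) body).getOAuth2ErrorCode();
        }
        return status == HttpServletResponse.SC_UNAUTHORIZED ? "unauthorized" : "server_error";
    }

    /** Builds {"error": code, "error_description": fixed text}; getMessage() is never consulted. */
    static String toJson(String code) {
        String description = SAFE_DESCRIPTIONS.get(code);
        if (description == null) {
            description = SAFE_DESCRIPTIONS.get("server_error");
        }
        return "{\"error\":\"" + escape(code) + "\",\"error_description\":\"" + escape(description) + "\"}";
    }

    // Minimal JSON string escaping so an unexpected error code cannot break the body
    private static String escape(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            if (c == '"' || c == '\\') {
                sb.append('\\').append(c);
            } else if (c < 0x20) {
                sb.append(String.format("\\u%04x", (int) c));
            } else {
                sb.append(c);
            }
        }
        return sb.toString();
    }
}
```

This renderer only shapes the body of responses that actually pass through the OAuth2AuthenticationEntryPoint or OAuth2AccessDeniedHandler it is attached to. As the logs in the question show, when BasicAuthenticationFilter handles the InternalAuthenticationServiceException it falls back to BasicAuthenticationEntryPoint, and that path never consults the OAuth2 entry point or its renderer; the renderer addresses what is written, not which entry point gets chosen.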