Results 1 to 5 of 5

Thread: Exception handling with custom authentication manager

  1. Nov 24th, 2011, 12:23 AM #1
    sweta
    sweta is offline Junior Member
    Join Date
    Jul 2009
    Posts
    17

    Default Exception handling with custom authentication manager

    Hi,

    I have implemented my own custom authentication manager. From the client application (Android app) I would like to retrieve a token for a userby using Resource owner password credentials authorization type. In case where wrong credentials are given I throw
    UsernameNotFoundException exception in my custom UserDetailsService, but in my client app I do not get a proper error response. When I debugged the code I found OAuth2ExceptionHandlerFilter returns a RuntimeException as a result of DefaultProviderExceptionHandler
    returning RuntimeException and due to this a proper response is not formed. Can you suggest me what I can do in this case?

    Thanks,
    Sweta
    Reply With Quote Reply With Quote
  2. Nov 24th, 2011, 02:36 AM #2
    Dave Syer
    Dave Syer is offline Senior Member
    Join Date
    Jun 2005
    Posts
    4,230

    Default

    The normal Spring Security ExceptionHandlerFilter should catch that exception and handle it in whatever way you specified in your <http/> configuration. If it doesn't, then it's possible your OAuth filter is in the wrong place in the filter chain. Look at the tonr sample to see how it is configured.
    Last edited by Dave Syer; Nov 24th, 2011 at 05:04 AM.
    Reply With Quote Reply With Quote
  3. Nov 24th, 2011, 08:54 PM #3
    sweta
    sweta is offline Junior Member
    Join Date
    Jul 2009
    Posts
    17

    Default

    I have not specified anything in the security configuration file in the client side.I have directly done a POST request for retrieving the token as done in one of your Test classes. On the Service provider (sparklr) side I do get that exception but the error response is not passed properly to the client side. Instead it gives a 302 Temporarily Moved response status.
    Reply With Quote Reply With Quote
  4. Nov 25th, 2011, 03:02 AM #4
    Dave Syer
    Dave Syer is offline Senior Member
    Join Date
    Jun 2005
    Posts
    4,230

    Default

    I'm confused about the client. You aren't using Spring Security OAuth2RestTemplate I guess? But that's not relevant.

    On the provider the 302 is generated by the normal Spring Security ExceptionHandlerFilter - that is its default behaviour, so if you want something else you need to look at the standard Spring Security features I think, and it's nothing really to do with OAuth,
    Reply With Quote Reply With Quote
  5. Nov 26th, 2011, 08:25 AM #5
    jbbarquero
    jbbarquero is offline Senior Member
    Join Date
    May 2006
    Location
    Madrid
    Posts
    382

    Default

    Take a look to your server application, just in case it is managing the error codes that Spring security throws in its normal use.

    For instance, I tried to use Spring Security for managing the security into an existing application with Basic Authentication (plus a custom userDetailsService) and it didn't work.

    The problem was that the web.xml had entries to manage some HTTP error codes, and 401 was among them.

    That is the necessary code to commence the Authentication, so it didn't work because the application was handling some of the Security concerns and hence, the security steps didn't seem to work.

    I hope it helps you.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules