OAuth 1.0 Custom Error Responses
Hi,
I'm using OAuth 1.0 in a 2-legged configuration and I'm trying to customise the error response sent back to the client.
There are a number of possible exceptions that can be raised by ProtectedResourceProcessingFilter, and more specifically by the class it extends OAuthProviderProcessingFilter and it's doFilter() method.
The exceptions are caught in the following block of code and dispatched as necessary:
The fail() method gets called and in here the error is dealt with. There is a reference to the authetication entry point but although I set this as the <http> entry point, it never gets called. The code is the following:Code:catch (AuthenticationException ae) { fail(request, response, ae); } catch (ServletException e) { if (e.getRootCause() instanceof AuthenticationException) { fail(request, response, (AuthenticationException) e.getRootCause()); } else { throw e; } }
The question is, how can I override this method? or if there is a more systematic way of modifing the error responses?Code:protected void fail(HttpServletRequest request, HttpServletResponse response, AuthenticationException failure) throws IOException, ServletException { SecurityContextHolder.getContext().setAuthentication(null); if (log.isDebugEnabled()) { log.debug(failure); } if (failure instanceof InvalidOAuthParametersException) { response.sendError(400, failure.getMessage()); } else if (failure.getCause() instanceof UnsupportedSignatureMethodException) { response.sendError(400, failure.getMessage()); } else { authenticationEntryPoint.commence(request, response, failure); } }
I'm not quite sure how I should go about replacing this specific filter with my own.
Thanks,
Ale
Reply With Quote
Originally Posted by Ale
