Handle spring security authentication exceptions with @ExceptionHandler

by

Ok, I tried as suggested writing the json myself from the AuthenticationEntryPoint and it works.

Just for testing I changed the AutenticationEntryPoint by removing response.sendError

@Component("restAuthenticationEntryPoint")
public class RestAuthenticationEntryPoint implements AuthenticationEntryPoint{

    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authenticationException) throws IOException, ServletException {
    
        response.setContentType("application/json");
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        response.getOutputStream().println("{ \"error\": \"" + authenticationException.getMessage() + "\" }");

    }
}

In this way you can send custom json data along with the 401 unauthorized even if you are using Spring Security AuthenticationEntryPoint.

Obviously you would not build the json as I did for testing purposes but you would serialize some class instance.

In Spring Boot, you should add it to http.authenticationEntryPoint() part of SecurityConfiguration file.

More Related Contents:

  1. Spring Boot Security CORS
  2. How do I get the Session Object in Spring?
  3. Spring Boot CORS filter – CORS preflight channel did not succeed
  4. Spring Security exclude url patterns in security annotation configurartion
  5. Spring Security 3.2 CSRF support for multipart requests
  6. Spring Security configuration: HTTP 403 error
  7. Spring + Web MVC: dispatcher-servlet.xml vs. applicationContext.xml (plus shared security)
  8. getting exception: No bean named ‘springSecurityFilterChain’ is defined
  9. Multiple antMatchers in Spring security
  10. An Authentication object was not found in the SecurityContext – Spring 3.2.2
  11. Spring Security 3.2 CSRF disable for specific URLs
  12. With Spring Security 3.2.0.RELEASE, how can I get the CSRF token in a page that is purely HTML with no tag libs
  13. Looking for a Simple Spring security example [closed]
  14. Spring security 4 custom login j_spring_security_check return http 302
  15. Is it possible to invalidate a spring security session?
  16. Spring Security : Multiple HTTP Config not working
  17. How to avoid the “Circular view path” exception with Spring MVC test
  18. What is difference between @RequestBody and @RequestParam?
  19. Spring Hibernate – Could not obtain transaction-synchronized Session for current thread
  20. Spring boot – Not a managed type
  21. Difference between Role and GrantedAuthority in Spring Security
  22. Spring CORS No ‘Access-Control-Allow-Origin’ header is present
  23. RESTful Authentication via Spring
  24. Enable HAL serialization in Spring Boot for custom controller method
  25. Converting from String to custom Object for Spring MVC form Data binding?
  26. Spring webSecurity.ignoring() doesn’t ignore custom filter
  27. antMatchers that matches any beginning of path
  28. Spring MVC Annotated Controller Interface with @PathVariable
  29. Neither BindingResult nor plain target object for bean name available as request attr [duplicate]
  30. Spring Boot with embedded Tomcat behind Apache proxy

Leave a Comment