Can I customize OAuth2AuthenticationEntryPoint in ResourceServerSecurityConfigurer? #375

Closed
tianyuanzhonglu opened this Issue Jan 26, 2015 · 10 comments

tianyuanzhonglu commented Jan 26, 2015

For an invalid access token, InvalidTokenException will occur and output

```
{"error":"invalid_token","error_description":"Invalid access token: asdfasdf"}
```

when in JSON format.

Could I customize the JSON format, such as

```
{"code": 123, "error":"invalid_token","error_description":"Invalid access token: asdfasdf"}
```

? I read the code, but there is no way to set a custom OAuth2AuthenticationEntryPoint or OAuth2ExceptionRenderer in ResourceServerSecurityConfigurer.

@tianyuanzhonglu tianyuanzhonglu changed the title from [Suggest] Can we customize OAuth2AuthenticationEntryPoint in ResourceServerSecurityConfigurer? to [Suggest] Can I customize OAuth2AuthenticationEntryPoint in ResourceServerSecurityConfigurer? Jan 26, 2015

@dsyer dsyer changed the title from [Suggest] Can I customize OAuth2AuthenticationEntryPoint in ResourceServerSecurityConfigurer? to Can I customize OAuth2AuthenticationEntryPoint in ResourceServerSecurityConfigurer? Jan 26, 2015

@dsyer dsyer added the Question label Jan 26, 2015

Member

dsyer commented Jan 26, 2015

ResourceServerSecurityConfigurer has an authenticationEntryPoint() method (I think there were some issues with it up to 2.0.5, so please try a snapshot). You can inject the entry point there and customize its WebResponseExceptionTranslator.

tianyuanzhonglu commented Jan 27, 2015

@dsyer Thank you very much!

breakline87 commented Jul 27, 2015

Hello

I face the same problem. How can I configure this via XML? I assume it should be somewhere where I configure my resource server with:

```xml
<oauth:resource-server id="resourceServerFilter" token-services-ref="tokenServices" />
```

Can I inject it there?

Thank you

tianyuanzhonglu commented Aug 14, 2015

@breakline87

I use annotations; XML may be the same.

Bean:

```java
@Bean
WebResponseExceptionTranslator exceptionTranslator() {
    return new CustomWebResponseExceptionTranslator();
}
```

AuthorizationServer config:

```java
@Configuration
@EnableAuthorizationServer
protected static class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.tokenServices(oauth2ServerConfig.defaultTokenService());
        ...
        endpoints.exceptionTranslator(oauth2ServerConfig.exceptionTranslator());
    }
}
```

Custom exception translator:

```java
public class CustomWebResponseExceptionTranslator /*extends DefaultWebResponseExceptionTranslator*/ implements WebResponseExceptionTranslator {
    // implement translate(Exception e) here to build the custom response
}
```

Hope it's helpful.

nklnandu commented Jan 6, 2016

In which config do we need to mention the custom exception translator in the config.xml?

nklnandu commented Jan 8, 2016

Here is my current code:

```java
@Bean(name = "exceptionRenderer")
public CustomExceptionRenderer getCustomExceptionRenderer() {
    CustomExceptionRenderer customExceptionRenderer = new CustomExceptionRenderer();
    return customExceptionRenderer;
}

@Bean(name = "exceptionTranslator")
public CustomExceptionTranslator getWebResponseExceptionTranslator() {
    CustomExceptionTranslator customExceptionTranslator = new CustomExceptionTranslator();
    return customExceptionTranslator;
}

@Bean(name = "clientAuthenticationEntryPoint")
public CustomOAuth2AuthenticationEntryPoint getClientAuthenticationEntryPoint() throws Exception {
    CustomOAuth2AuthenticationEntryPoint customOAuth2AuthenticationEntryPoint = new CustomOAuth2AuthenticationEntryPoint();
    customOAuth2AuthenticationEntryPoint.setExceptionTranslator(getWebResponseExceptionTranslator());
    customOAuth2AuthenticationEntryPoint.setExceptionRenderer(getCustomExceptionRenderer());
    return customOAuth2AuthenticationEntryPoint;
}
```

How do I inject my CustomExceptionTranslator in the TokenPoint during runtime?

I am always getting the DefaultWebResponseExceptionTranslator class.
Help me to configure my custom translator and set my own error messages in the response.

breakline87 commented Jan 8, 2016

I found a way to do this. You'll need two classes. The first one extends DefaultOAuth2ExceptionRenderer:

```java
import java.util.ArrayList;
import java.util.List;

import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.security.oauth2.provider.error.DefaultOAuth2ExceptionRenderer;

public class MyOauthExceptionRenderer extends DefaultOAuth2ExceptionRenderer {

    public MyOauthExceptionRenderer() {
        setMessageConverters(getMessageConverters());
    }

    private List<HttpMessageConverter<?>> getMessageConverters() {
        List<HttpMessageConverter<?>> result = new ArrayList<HttpMessageConverter<?>>();
        result.add(new MyOauthMessageConverter());
        return result;
    }
}
```

Then you need the class which actually converts the object to your own type. Also in this case I use the MappingJackson2HttpMessageConverter class, which basically lets you convert the output to JSON automatically:

```java
import java.io.IOException;

import org.springframework.http.HttpOutputMessage;
import org.springframework.http.converter.HttpMessageNotWritableException;
import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;

public class MyOauthMessageConverter extends MappingJackson2HttpMessageConverter {

    @Override
    protected void writeInternal(Object object, HttpOutputMessage outputMessage) throws IOException, HttpMessageNotWritableException {
        super.writeInternal(transformObject(object), outputMessage);
    }

    protected Object transformObject(Object object) {
        // ApiResponse is just my own class, replace it with anything you wanna return
        ApiResponse response = new ApiResponse();
        response.setError(true);
        response.setErrorCode(Errors.ERROR_OAUTH.getCode());
        response.setErrorMessage(object.toString());
        if (object instanceof OAuth2Exception) {
            //....custom code for OAuth2Exception
        }
        return response;
    }
}
```

Hope this helps.

monkeyk commented Sep 11, 2017

tomaszzz commented Mar 5, 2018

@dsyer Hi, with the latest release of spring 5.0.0, does anything get simplified for configuring custom response handlers to Authorization exceptions (org.springframework.security.authentication.InsufficientAuthenticationException)?
I am currently looking into configuring OAuth2AuthenticationEntryPoint to overwrite its ResponseEntity enhanceResponse(ResponseEntity result, Exception authException) method, but I am having a hard time getting hold of the default beans to properly configure it or to replace it.

This is in the context of configuring a standalone app that is a ResourceServer which extends its own ResourceServerConfigurerAdapter.

kpavlov commented Jun 28, 2018

In the case of a resource server, you may inject your ExceptionTranslator like this (code is in Kotlin):

```kotlin
import com.payconiq.document.rest.v1.error.CustomWebResponseExceptionTranslator
import org.springframework.context.annotation.Configuration
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer
import org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint

@Configuration
class OAuth2ResourceServerConfiguration : ResourceServerConfigurerAdapter() {

    override fun configure(resources: ResourceServerSecurityConfigurer) {
        val authenticationEntryPoint = OAuth2AuthenticationEntryPoint()
        authenticationEntryPoint.setExceptionTranslator(CustomWebResponseExceptionTranslator())
        resources.authenticationEntryPoint(authenticationEntryPoint)
    }
}
```
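
An added Java example for the resource-server case in this thread (not code from any commenter or from the Spring Security OAuth project): a translator body for the `CustomWebResponseExceptionTranslator` name used above, wired into both the entry point and the access-denied handler. The class name `ResourceServerConfig`, the fixed description text, and the choice to stop echoing the submitted token value are assumptions of this example; the `code` value is the sample from the question.

```java
// Added example; ResourceServerConfig and the fixed description are hypothetical choices.
import org.springframework.context.annotation.Configuration;
import org.springframework.http.ResponseEntity;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.error.DefaultWebResponseExceptionTranslator;
import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler;
import org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint;
import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;

class CustomWebResponseExceptionTranslator implements WebResponseExceptionTranslator {
    private final WebResponseExceptionTranslator delegate = new DefaultWebResponseExceptionTranslator();

    @Override
    public ResponseEntity<OAuth2Exception> translate(Exception e) throws Exception {
        // The resource server filter wraps the OAuth2Exception, so walk the cause chain.
        for (Throwable t = e; t != null; t = t.getCause()) {
            if (t instanceof InvalidTokenException) {
                // Any InvalidTokenException gets the same fixed description, so the submitted
                // token value is not reflected in the body or the WWW-Authenticate header.
                e = new InvalidTokenException("Invalid access token");
                break;
            }
        }
        // Keep the default status, headers and error / error_description mapping.
        ResponseEntity<OAuth2Exception> response = delegate.translate(e);
        // Additional information is written as an extra string field in the JSON body.
        response.getBody().addAdditionalInformation("code", "123"); // sample value from the question
        return response;
    }
}

@Configuration
@EnableResourceServer
class ResourceServerConfig extends ResourceServerConfigurerAdapter {
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        WebResponseExceptionTranslator translator = new CustomWebResponseExceptionTranslator();
        OAuth2AuthenticationEntryPoint entryPoint = new OAuth2AuthenticationEntryPoint();
        entryPoint.setExceptionTranslator(translator);    // unauthenticated requests (401)
        OAuth2AccessDeniedHandler deniedHandler = new OAuth2AccessDeniedHandler();
        deniedHandler.setExceptionTranslator(translator); // access-denied responses (403)
        resources.authenticationEntryPoint(entryPoint).accessDeniedHandler(deniedHandler);
    }
}
```

Setting the translator only on `AuthorizationServerEndpointsConfigurer` affects the authorization server's endpoints; invalid-token responses from a resource server go through the entry point configured here.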