New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Restructure AuthenticationServiceException handling #12134
Comments
EDIT: Hi Josh! I bumped into this ticket after I upgraded spring-security-core to 5.7.6 where my authenticationEntryPoint functions are no longer picking up exceptions thrown by the oauth2 introspector (wrapped in an AuthenticationServiceException even though it still extends from AuthenticationException). So now I am confused... is that already in place? If so, what's the best way to handle these exceptions? Even with a @RestControllerAdvice they are not handled. If not... what's happening? Thanks! |
Hi @rpvilao @jzheaux - I am not sure what went wrong, atleast previously we were able to handle all exceptions with Would you please help with same ? |
Hi @amitbhoraniya, It was some time ago but I guess I just ended up implementing an object post processor:
The example is in koltin, you can adapt to your needs. |
@rpvilao - Yes, I did same and working for me. I am still wondering why |
I don't know, maybe someone from spring security can answer that question. |
An
AuthenticationServiceException
represents something that went wrong on the server side. As such, it shouldn't be handled byAuthenticationEntryPoint
s.This means that likely is shouldn't be handled by
ExceptionTranslationFilter
or any of the authentication filters.However, because this class extends
AuthenticationException
, it is required for each component to somehow opt-out of handing to itsAuthenticationEntryPoint
.One way to address this is to change
AuthenticationServiceException
to no longer inherit fromAuthenticationException
. Another way would be to add a new exception likeAuthenticationServerErrorException
-- similar tospring-web
'sHttpServerErrorException
-- that doesn't inherit fromAuthenticationException
.The text was updated successfully, but these errors were encountered: