AccessDeniedHandler and AuthenticationEntryPoint does not work Because of the global exception handler #6908
Comments
I got the same problem, how to fix this bug? |
Currently I can only throw the exception caught by the global exception handler up, and then AccessDeniedHandler and AuthenticationEntryPoint can catch this exception. You can check out the handler in spring-security-demo I wrote earlier. GlobalExceptionHandler |
There really isn't anything we can do on our side. It might be that users actually want to catch the exception and process it. Instead we recommend that if you get a Security related exception to re-throw it. |
Thank you for your reply, my current practice is to re-throw spring-security related exceptions. |
Same problem here |
Similar questions. Neither call AuthenticationEntryPoint, nor call global exception handler. But get: |
I got this problem if using |
Closing. As mentioned before, there isn't anything we can do. Users may want to be handling the Security related exceptions. |
I got this problem too, how to fix it? |
@zhuzhiyun Catch AccessDeniedException and AuthenticationException and throw them, AccessDeniedHandler and AuthenticationEntryPoint will work normally. See GlobalExceptionHandler |
Hi, have you fixed this problem? Catch
|
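@aboutZZ In the spring-security-demo I wrote earlier, I defined a global exception handler that catches the spring-security related exceptions and then re-throws them, after which they reach AccessDeniedHandler and AuthenticationEntryPoint. I suspect you have not registered these two classes in the configuration; take a look at the configure method in the WebSecurityConfig configuration class. |
The global exception handler catches and then re-throws
The way it is written should be fine. |
@aboutZZ Try setting a breakpoint in the doFilter method of the ExceptionTranslationFilter filter; all exceptions in spring-security pass through this filter. Also paste the exception stack trace so we can see which spring-security filters it passed through. |
As shown in the image below,
After passing through, the stack trace is as follows:
From the logs, I found it was redirected to
|
@aboutZZ In your configuration, take the |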
Problem solved:
|
@aboutZZ 👋👋👋 |
Summary
AccessDeniedHandler and AuthenticationEntryPoint do not work because the global exception handler is defined.
Actual Behavior
When the request has an AuthenticationException or an AccessDeniedException, it does not enter my custom AccessDeniedHandler and AuthenticationEntryPoint.
1. Access to protected resources
2. Console prints AccessDeniedException, it does not enter my custom AccessDeniedHandler
3. I found it went into my custom global exception handler.
Expected Behavior
Enter my custom AccessDeniedHandler or AuthenticationEntryPoint
Configuration
Version
spring-boot-starter-security 2.1.5.RELEASE
Sample
spring-security-demo
Additional
From the log printed by the console, I guess that the AccessDeniedException thrown by the MethodSecurityInterceptor when calling the beforeInvocation method is caught by the global exception handler, causing the superior ExceptionTranslationFilter to not catch the exception.
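The re-throw approach recommended in the comments, as an added example; it is not code from this thread or from the spring-security-demo project. The class names `RethrowingExceptionHandler` and `SecurityConfig`, the response bodies and the lambda handlers are assumptions, and the configuration style targets the Spring Boot 2.1.x line named under Version.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.AuthenticationException;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RestControllerAdvice;

// Hypothetical class names; both classes are package-private so they fit in one file.
@RestControllerAdvice
class RethrowingExceptionHandler {

    // Method security (MethodSecurityInterceptor) throws inside the controller call,
    // so MVC advice sees the exception before ExceptionTranslationFilter does.
    // Re-throwing it unchanged leaves it unresolved, so it propagates out of the
    // DispatcherServlet and reaches the filter, which calls the AccessDeniedHandler.
    @ExceptionHandler(AccessDeniedException.class)
    public void rethrowAccessDenied(AccessDeniedException e) {
        throw e;
    }

    // Same treatment for authentication failures, so the AuthenticationEntryPoint runs.
    @ExceptionHandler(AuthenticationException.class)
    public void rethrowAuthentication(AuthenticationException e) {
        throw e;
    }

    // Catch-all for everything else. Spring picks the most specific handler, so the
    // two methods above win for security exceptions. The body is generic on purpose,
    // so internal exception messages are not echoed to the client.
    @ExceptionHandler(Exception.class)
    public ResponseEntity<String> handleOther(Exception e) {
        return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body("internal error");
    }
}

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().anyRequest().authenticated()
            .and()
            .exceptionHandling()
                // Both handlers must be registered here, or the defaults are used instead.
                .authenticationEntryPoint((req, res, ex) -> res.sendError(401, "Unauthorized"))
                .accessDeniedHandler((req, res, ex) -> res.sendError(403, "Forbidden"));
    }
}
```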