Authentication(Web)Filter should return a 500 on AuthenticationServiceExceptions #9429

Closed
jzheaux opened this issue Feb 10, 2021 · 2 comments
Labels: in: web (An issue in web modules (web, webmvc)); type: breaks-passivity (A change that breaks passivity with the previous release); type: enhancement (A general enhancement)

Comments

jzheaux commented Feb 10, 2021

When (Reactive)AuthenticationManager throws or resolves to an AuthenticationServiceException, Authentication(Web)Filter should instead return a 500 HTTP response.

@jzheaux added the in: web and type: enhancement labels Feb 10, 2021
@rwinch modified the milestones: 5.8.x, 6.0.x Jun 6, 2022
@rwinch self-assigned this Jun 14, 2022
@Kehrlann

Hey there 👋 I'm interested in picking this one up.

@Kehrlann

Hey @jzheaux , a few questions regarding this.

Here's my interpretation of the story (for AuthenticationFilter):

When the user does not override the failureHandler

When the AuthenticationManager throws an AuthenticationServiceException ;
Then the exception is re-thrown, ultimately producing an HTTP 500

When the user provides a custom failureHandler

When the AuthenticationManager throws an AuthenticationServiceException ;
That exception is passed to the user's failureHandler and processed by that


Let me know if I'm missing something.
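The two branches described in the comment above, written out as an added example (ours, not code from the Spring Security project or from anyone in this thread). The class name RethrowingFailureHandler is hypothetical; the interfaces it uses (AuthenticationFailureHandler, AuthenticationEntryPoint, HttpStatusEntryPoint, AuthenticationServiceException) are Spring Security 6.x types, and the main method assumes spring-test on the classpath for the mock servlet classes. The security point it makes concrete: an AuthenticationServiceException means the server could not evaluate the credentials at all (user store unreachable, misconfigured manager), so answering 401 would wrongly tell the client its credentials were rejected; rethrowing lets the error become a 500.

```java
// Added illustration, not code from spring-projects/spring-security.
// Assumes Spring Security 6.x (jakarta.servlet) and spring-test on the classpath.
import java.io.IOException;

import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

import org.springframework.http.HttpStatus;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;

/**
 * Hypothetical failure handler (the name is ours) implementing the behaviour
 * described in the issue: a failure caused by the client (bad credentials,
 * expired token, ...) is delegated to the AuthenticationEntryPoint and becomes
 * a 401 challenge; an AuthenticationServiceException, which signals a fault on
 * the server side, is rethrown so that error handling turns it into a 500
 * instead of a misleading 401.
 */
public final class RethrowingFailureHandler implements AuthenticationFailureHandler {

    private final AuthenticationEntryPoint entryPoint;

    public RethrowingFailureHandler(AuthenticationEntryPoint entryPoint) {
        this.entryPoint = entryPoint;
    }

    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException exception) throws IOException, ServletException {
        if (exception instanceof AuthenticationServiceException) {
            // Server-side fault: do not disguise it as a client error.
            // AuthenticationException is a RuntimeException, so this compiles.
            throw exception;
        }
        // Client-side failure: let the entry point challenge the client (401 here).
        this.entryPoint.commence(request, response, exception);
    }

    // Stand-alone demonstration of both branches.
    public static void main(String[] args) throws Exception {
        AuthenticationFailureHandler handler =
                new RethrowingFailureHandler(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED));

        // Branch 1: the credentials really were wrong -> entry point sets 401.
        MockHttpServletResponse unauthorized = new MockHttpServletResponse();
        handler.onAuthenticationFailure(new MockHttpServletRequest(), unauthorized,
                new BadCredentialsException("Bad credentials"));
        System.out.println("BadCredentialsException -> HTTP " + unauthorized.getStatus());

        // Branch 2: the manager could not decide -> exception propagates
        // (in a real filter chain it would surface as an HTTP 500).
        try {
            handler.onAuthenticationFailure(new MockHttpServletRequest(), new MockHttpServletResponse(),
                    new AuthenticationServiceException("user store unreachable"));
        } catch (AuthenticationServiceException ex) {
            System.out.println("AuthenticationServiceException rethrown: " + ex.getMessage());
        }
    }
}
```

Wiring it into a filter is a matter of passing it to the filter's failure-handler setter, where the default entry-point-based handler would otherwise go; the reactive counterpart follows the same split, with the exception resolved to an error signal rather than thrown.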

Kehrlann added a commit to Kehrlann/spring-security that referenced this issue Oct 11, 2022
Issue gh-11932, gh-9429

(Server)AuthenticationEntryPointFailureHandler should produce HTTP 500
instead of HTTP 401 when an AuthenticationServiceException is thrown.
This commit deprecates the current behavior and introduces an opt-in
(Server)AuthenticationEntryPointFailureHandlerAdapter with the expected
behavior.

BearerTokenAuthenticationFilter uses the new adapter, but with a closure
to keep the current behavior re: entrypoint.
jzheaux pushed a commit that referenced this issue Oct 14, 2022
Issue gh-11932, gh-9429
@jzheaux modified the milestones: 6.0.x, 6.0.0-RC1 Oct 14, 2022