Comments (3)
Still not fixed
from dvdapplication.
Entrypoint is not used despite changing security configuration. Response is not returned even though controller advice has been set.
from dvdapplication.
Rewrote security config and entrypoint. Also attempted to solve in the following manner:
- i) Remove Exception Translation Filter and allow only Exception Advice to handle exception
- ii) Remove Exception Advice and let Entrypoint handle exception (added exception filter again)
- iii) Tried adding exception filter before basic auth filter and retried the above

Also observed the following: Custom Entrypoint is never used despite adding Exception Translation filter.
My conclusion for now is that this is a Spring Security specific issue
```java
// Authentication Entrypoint
@Component
public class MyBasicAuthenticationEntryPoint implements AuthenticationEntryPoint {
    private static Logger log = LoggerFactory.getLogger("Exception Handler");

    @Override
    public void commence(
            HttpServletRequest request, HttpServletResponse response, AuthenticationException authEx)
            throws IOException {
        PrintWriter writer = response.getWriter();
        response.addHeader("WWW-Authenticate", "Basic realm= DVD-Store");
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        response.setContentType("text/plain");
        log.warn("INSIDEEE");
        // Pick the response body from the concrete exception type
        if (authEx instanceof BadCredentialsException) {
            log.warn("bad cred");
            writer.println("HTTP Status 401 - " + " Provided credentials are invalid");
        }
        if (authEx instanceof MissingCredentialsException) {
            log.warn("missing sth");
            writer.println("HTTP Status 401 - " + " Missing required fields: " + authEx.getMessage());
        }
        if (authEx instanceof InsufficientAuthenticationException) {
            log.warn("insuf");
            writer.println("HTTP Status 401 - " + " You need to login in order to access this resource");
        }
    }
}
```

```java
// Exception Advice
@ResponseBody
@ExceptionHandler(InsufficientAuthenticationException.class)
@ResponseStatus(HttpStatus.FORBIDDEN)
String InssuficientAuthenticationHandler(InsufficientAuthenticationException ex) {
    log.info("Insufficient Authentication");
    return "You need to be authenticated to access this resourced";
}

@ResponseBody
@ExceptionHandler(BadCredentialsException.class)
@ResponseStatus(HttpStatus.FORBIDDEN)
ResponseEntity<Object> BadCredentialsHandler(BadCredentialsException ex) {
    return ResponseEntity
            .status(HttpStatus.NOT_FOUND)
            .body("pls work :')");
}

@ResponseBody
@ExceptionHandler(MissingCredentialsException.class)
@ResponseStatus(HttpStatus.FORBIDDEN)
String MissingCredentialsHandler(MissingCredentialsException ex) {
    log.info("Insufficient Authentication");
    return "Missing required information: " + ex.getMessage();
}
```

```java
// Security Configuration
SecurityConfiguration(DatabaseAuthenticationManager manager,
                      MyBasicAuthenticationEntryPoint customAuthenticationEntryPoint,
                      EmployeeRepository repository) {
    this.manager = manager;
    this.customAuthenticationEntryPoint = customAuthenticationEntryPoint;
    this.repository = repository;
}

@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
    http
        .authorizeHttpRequests((authorizeHttpRequests) ->
            authorizeHttpRequests
                .requestMatchers("/login").permitAll()
                .anyRequest().authenticated()
        )
        .csrf().disable();
    // Filters are constructed and registered by hand here
    http.addFilter(new BasicAuthenticationFilter(manager));
    http.addFilter(new ExceptionTranslationFilter(customAuthenticationEntryPoint));
    return http.build();
}
```
from dvdapplication.
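An added example, not code from this thread or from the project: `BasicAuthenticationFilter` built with only an `AuthenticationManager` ignores failed attempts and continues down the chain, and `@ExceptionHandler` methods only see exceptions raised inside the `DispatcherServlet`, so the sketch below registers one entry point through the `HttpSecurity` DSL and has it delegate to Spring MVC's exception resolver. It assumes Spring Security 6.1+ with `jakarta.servlet` and a single `AuthenticationManager` bean; the class name `EntryPointWiringExample` and the bean `delegatingEntryPoint` are hypothetical.

```java
// Added example, not the project's code. Assumes Spring Security 6.1+ (jakarta.servlet)
// and that exactly one AuthenticationManager bean exists in the context.
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.servlet.HandlerExceptionResolver;

@Configuration
class EntryPointWiringExample { // hypothetical class name

    // Hypothetical bean: forwards authentication failures raised inside the filter
    // chain to Spring MVC so @ExceptionHandler methods can render the response.
    @Bean
    AuthenticationEntryPoint delegatingEntryPoint(
            @Qualifier("handlerExceptionResolver") HandlerExceptionResolver resolver) {
        return (HttpServletRequest req, HttpServletResponse res, AuthenticationException ex) -> {
            res.setHeader("WWW-Authenticate", "Basic realm=\"DVD-Store\"");
            // resolveException returns null when no handler matched; fall back to a bare 401.
            if (resolver.resolveException(req, res, null, ex) == null) {
                res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            }
        };
    }

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http, AuthenticationManager manager,
            @Qualifier("delegatingEntryPoint") AuthenticationEntryPoint entryPoint) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/login").permitAll()
                .anyRequest().authenticated())
            .authenticationManager(manager)
            // Bad or malformed Basic credentials: the filter built by httpBasic() calls the entry point.
            .httpBasic(basic -> basic.authenticationEntryPoint(entryPoint))
            // No credentials on a protected URL: ExceptionTranslationFilter calls the same entry point.
            .exceptionHandling(ex -> ex.authenticationEntryPoint(entryPoint))
            .csrf(csrf -> csrf.disable());
        return http.build();
    }
}
```

With this wiring the status code and body come from whichever `@ExceptionHandler` matches the `AuthenticationException` subtype, so handlers annotated with `HttpStatus.FORBIDDEN` will answer 403 rather than 401.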