Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Exception Handling for UserDetailsService

Tags:

java

exception

spring

spring-security

I have a question abeout Exception Handling in Spring Security.

I have defined a CustomUserDetailsService which sometimes (when the value in SM_USER header is false) should throw an exception.

public class CustomUserDetailsService implements UserDetailsService {   

@Override
public UserDetails loadUserByUsername(String smHeaderValue)   throws UsernameNotFoundException {                

    ... throw new UsernameNotFoundException("wrong value of the sm Header");        
    ...
}

I would like a Http status code 403 (AccessDenied) to be thrown in this case but Spring Security always shows 500. And the standard (for my software) exception representation cannot be shown. I thought that an Exception resolver could help me. But as far as I read the standard Exception Resolver does not suit for SpringSecurity and its scope is only Spring MVC.

@ControllerAdvice

public class ExceptionResolver extends AbstractHandlerExceptionResolver{

@Override
protected ModelAndView doResolveException(HttpServletRequest request,
        HttpServletResponse responce, Object handler, Exception exception) {

    ModelAndView toReturn = new ModelAndView();
    toReturn.setView(new MappingJackson2JsonView());
    toReturn.addObject("message", exception.getMessage());
    toReturn.addObject("exceptionClass", exception.getClass().getCanonicalName());

    HttpStatus exceptionStatus = getStatus(exception);
    responce.setStatus(exceptionStatus.value());        
    return toReturn;
}

private HttpStatus getStatus(Exception exception){

    if (exception instanceof UsernameNotFoundException)
        return HttpStatus.FORBIDDEN;        
    return HttpStatus.BAD_REQUEST;
}   
}

Is there any way to resolve the exception of UserDetailsService?

UPDATE

15:42:37,948 DEBUG qtp1052330967-15 security.DelegateRequestMatchingFilter:137 - preAuthenticatedPrincipal = dhdg, trying to authenticate
15:42:37,950  INFO qtp1052330967-15 security.CustomUserDetailsService:57 - looking for authorities for sm header value: [dhdg]
15:42:37,989 DEBUG qtp1052330967-15 security.DelegateRequestMatchingFilter:225 - Cleared security context due to exception
org.springframework.security.core.userdetails.UsernameNotFoundException: there is no opened sessions with this sm user header value
    at de.escosautomation.restserver.security.CustomUserDetailsService.loadUserByUsername(CustomUserDetailsService.java:73)
    at org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper.loadUserDetails(UserDetailsByNameServiceWrapper.java:53)
    at org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider.authenticate(PreAuthenticatedAuthenticationProvider.java:87)
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:167)
    at org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter.doAuthenticate(AbstractPreAuthenticatedProcessingFilter.java:145)
    at org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter.doFilter(AbstractPreAuthenticatedProcessingFilter.java:113)
    at de.escosautomation.restserver.security.DelegateRequestMatchingFilter.doFilter(DelegateRequestMatchingFilter.java:51)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:120)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:53)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:221)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
    at org.eclipse.jetty.server.Server.handle(Server.java:497)
    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310)
    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
    at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
    at java.lang.Thread.run(Thread.java:745)
like image 647
user2957954 Avatar asked Oct 14 '25 10:10

user2957954

1 Answers

I think I see what is going wrong here. Since you use PreAuthenticatedAuthenticationProvider, a UsernameNotFoundException is not really handled. This because in a typical pre-authenticated environment, it is already verified that the user exists.

Instead you should return a UserDetails object with state disabled or locked.

If you can't read the user information at all, you could throw a AuthenticationServiceException.

like image 158
holmis83 Avatar answered Oct 17 '25 03:10

holmis83
Sign in to Comment

Related questions

Is there a way to list projects using a specific maven package?
How to create a secure like counter in Firebase Realtime Database
spring boot custom starter, define entities in it, without using @EntityScan. Is it possible?
Can someone share the complete list of arguments that one can pass in options.addArguments()?
Deleting AWS SQS messages using Java sdk
How to set margins to jasper report in java?
Spring Hibernate - difference between CrudRepository and SessionFactory
Regular Expression for swapping words
Hazelcast CP Subsystem FencedLock memory usage
How to ignore @SneakyThrows of Lombok in Jacoco code coverage?
Validation doesn't work on EntityManager.merge()
A method to check if a Collection or Map is empty or null?
Jenkins ssh-node doesn't find Java
How to fix error with install maven jar plugin dependency?
Why is my test not running [closed]
how to discrard base uri when using withHTMLContent openHTmlToPDF
Not annotated parameter overrides @NotNull parameter
How do you check if a user has bought an in-app purchase whenever he open the app?
JTable header renderer

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!