Spring-security-oauth: Can I customize OAuth2AuthenticationEntryPoint in ResourceServerSecurityConfigurer?

Created on 26 Jan 2015  ·  10 Comments  ·  Source: spring-projects/spring-security-oauth

For an invalid access token, InvalidTokenException will occur and output

```json
{"error":"invalid_token","error_description":"Invalid access token: asdfasdf"}
```

when in JSON format.

Could I customize the JSON format, such as

```json
{"code": 123, "error":"invalid_token","error_description":"Invalid access token: asdfasdf"}
```

? I read the code, but there is no way to set a custom OAuth2AuthenticationEntryPoint or OAuth2ExceptionRenderer in ResourceServerSecurityConfigurer.

stackoverflow

All 10 comments

ResourceServerSecurityConfigurer has an authenticationEntryPoint() method (I think there were some issues with it up to 2.0.5, so please try a snapshot). You can inject the entry point there and customize its WebResponseExceptionTranslator.

@dsyer Thank you very much!

Hello

I face the same problem, how can I configure this via xml? I assume it should be somewhere where I configure my resource server with:

can I inject it there?

Thank you

@breakline87

I use annotations; XML may be the same.

Bean:

```java
@Bean
WebResponseExceptionTranslator exceptionTranslator() {
    return new CustomWebResponseExceptionTranslator();
}
```

AuthorizationServer config:

```java
@Configuration
@EnableAuthorizationServer
protected static class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.tokenServices(oauth2ServerConfig.defaultTokenService());
        // ...
        // Register the custom translator for errors raised by the authorization server endpoints
        endpoints.exceptionTranslator(oauth2ServerConfig.exceptionTranslator());
    }
}
```

Custom exception translator:

```java
public class CustomWebResponseExceptionTranslator /*extends DefaultWebResponseExceptionTranslator*/ implements WebResponseExceptionTranslator {
    // Implement translate(Exception e) here and return the customized response entity.
}
```

Hope it's helpful.

In which config do we need to mention the custom exception translator in the config.xml?

Here is my current code:

```java
@Bean(name = "exceptionRenderer")
public CustomExceptionRenderer getCustomExceptionRenderer() {
    CustomExceptionRenderer customExceptionRenderer = new CustomExceptionRenderer();
    return customExceptionRenderer;
}

@Bean(name = "exceptionTranslator")
public CustomExceptionTranslator getWebResponseExceptionTranslator() {
    CustomExceptionTranslator customExceptionTranslator = new CustomExceptionTranslator();
    return customExceptionTranslator;
}

// Entry point wired with both the custom translator and the custom renderer
@Bean(name = "clientAuthenticationEntryPoint")
public CustomOAuth2AuthenticationEntryPoint getClientAuthenticationEntryPoint() throws Exception {
    CustomOAuth2AuthenticationEntryPoint customOAuth2AuthenticationEntryPoint = new CustomOAuth2AuthenticationEntryPoint();
    customOAuth2AuthenticationEntryPoint.setExceptionTranslator(getWebResponseExceptionTranslator());
    customOAuth2AuthenticationEntryPoint.setExceptionRenderer(getCustomExceptionRenderer());
    return customOAuth2AuthenticationEntryPoint;
}
```

How do I inject my CustomExceptionTranslator in the TokenPoint during runtime?

I am always getting the DefaultWebResponseExceptionTranslator class.
Help me to configure my custom translator and set my own error messages in the response.

I found a way to do this. You'll need two classes. The first one extends DefaultOAuth2ExceptionRenderer:

```java
import java.util.ArrayList;
import java.util.List;

import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.security.oauth2.provider.error.DefaultOAuth2ExceptionRenderer;

public class MyOauthExceptionRenderer extends DefaultOAuth2ExceptionRenderer {

    public MyOauthExceptionRenderer() {
        // Replace the default converters with the custom one below
        setMessageConverters(getMessageConverters());
    }

    private List<HttpMessageConverter<?>> getMessageConverters() {
        List<HttpMessageConverter<?>> result = new ArrayList<HttpMessageConverter<?>>();
        result.add(new MyOauthMessageConverter());
        return result;
    }

}
```

Then you need the class which actually converts the object to your own type. Also in this case I use the MappingJackson2HttpMessageConverter class which basically lets you convert the output to JSON automatically:

```java
import java.io.IOException;

import org.springframework.http.HttpOutputMessage;
import org.springframework.http.converter.HttpMessageNotWritableException;
import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;

public class MyOauthMessageConverter extends MappingJackson2HttpMessageConverter {

    @Override
    protected void writeInternal(Object object, HttpOutputMessage outputMessage) throws IOException, HttpMessageNotWritableException {
        // Serialize the transformed object instead of the original exception
        super.writeInternal(transformObject(object), outputMessage);
    }

    protected Object transformObject(Object object) {
        // ApiResponse is just my own class, replace it with anything you wanna return
        ApiResponse response = new ApiResponse();
        response.setError(true);
        response.setErrorCode(Errors.ERROR_OAUTH.getCode());
        response.setErrorMessage(object.toString());
        if (object instanceof OAuth2Exception) {
            //....custom code for OAuth2Exception
        }
        return response;
    }

}
```

Hope this helps.

@dsyer Hi, with the latest release of spring 5.0.0, does anything get simplified for configuring custom response handlers to Authorization exceptions (org.springframework.security.authentication.InsufficientAuthenticationException)?
I am currently looking into configuring OAuth2AuthenticationEntryPoint to overwrite its _ResponseEntity enhanceResponse(ResponseEntity result, Exception authException)_ method but having a hard time with getting a hold of the default beans to properly configure it or to replace it.

This is in context of configuring a standalone app that is a ResourceServer which extends its own ResourceServerConfigurerAdapter.

In the case of a resource server, you may inject your ExceptionTranslator like this (code is in Kotlin):

```kotlin
import com.payconiq.document.rest.v1.error.CustomWebResponseExceptionTranslator
import org.springframework.context.annotation.Configuration
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer
import org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint

@Configuration
class OAuth2ResourceServerConfiguration : ResourceServerConfigurerAdapter() {

    override fun configure(resources: ResourceServerSecurityConfigurer) {
        // Entry point that renders authentication failures through the custom translator
        val authenticationEntryPoint = OAuth2AuthenticationEntryPoint()
        authenticationEntryPoint.setExceptionTranslator(CustomWebResponseExceptionTranslator())
        resources.authenticationEntryPoint(authenticationEntryPoint)
    }

}
```
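The resource-server approach from this thread written out in Java with a working translator, as an added example (not code from the issue or from the project). The class names `ResourceServerConfig` and `CodeAddingExceptionTranslator` and the value `"123"` are assumptions; it also routes access-denied errors through the same translator so both error paths share one format.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.http.ResponseEntity;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.error.DefaultWebResponseExceptionTranslator;
import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler;
import org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint;

@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter { // hypothetical name

    /** Keeps the default status and headers, and adds a "code" field to the JSON body. */
    static class CodeAddingExceptionTranslator extends DefaultWebResponseExceptionTranslator {
        @Override
        public ResponseEntity<OAuth2Exception> translate(Exception e) throws Exception {
            ResponseEntity<OAuth2Exception> response = super.translate(e);
            OAuth2Exception body = response.getBody();
            if (body != null) {
                // Additional information is serialized as extra top-level string fields,
                // so this renders as "code":"123" (assumed sample value).
                body.addAdditionalInformation("code", "123");
            }
            return response;
        }
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        CodeAddingExceptionTranslator translator = new CodeAddingExceptionTranslator();

        // Authentication failures such as an invalid access token
        OAuth2AuthenticationEntryPoint entryPoint = new OAuth2AuthenticationEntryPoint();
        entryPoint.setExceptionTranslator(translator);
        resources.authenticationEntryPoint(entryPoint);

        // Authorization failures for an authenticated caller use a separate handler
        OAuth2AccessDeniedHandler deniedHandler = new OAuth2AccessDeniedHandler();
        deniedHandler.setExceptionTranslator(translator);
        resources.accessDeniedHandler(deniedHandler);
    }
}
```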
