For an invalid access token, an InvalidTokenException will occur and output
```json
{"error":"invalid_token","error_description":"Invalid access token: asdfasdf"}
```
when in JSON format.
Could I customize the JSON format, such as
```json
{"code": 123, "error":"invalid_token","error_description":"Invalid access token: asdfasdf"}
```
? I read the code, but there is no way to set a custom OAuth2AuthenticationEntryPoint or OAuth2ExceptionRenderer in ResourceServerSecurityConfigurer.
ResourceServerSecurityConfigurer has an authenticationEntryPoint() method (I think there were some issues with it up to 2.0.5, so please try a snapshot). You can inject the entry point there and customize its WebResponseExceptionTranslator.
@dsyer Thank you very much!
Hello
I face the same problem, how can I configure this via xml? I assume it should be somewhere where I configure my resource server with:
Can I inject it there?
Thank you
@breakline87
I use annotations; XML may be the same.
Bean:
```java
@Bean
WebResponseExceptionTranslator exceptionTranslator() {
    return new CustomWebResponseExceptionTranslator();
}
```
AuthorizationServer config:
```java
@Configuration
@EnableAuthorizationServer
protected static class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.tokenServices(oauth2ServerConfig.defaultTokenService());
        // ...
        endpoints.exceptionTranslator(oauth2ServerConfig.exceptionTranslator());
    }
}
```
Custom exception translator:
```java
public class CustomWebResponseExceptionTranslator /*extends DefaultWebResponseExceptionTranslator*/ implements WebResponseExceptionTranslator {
    // translate(Exception e) goes here
}
```
Hope it's helpful.
In which config do we need to mention the custom exception translator in the config.xml?
Here is my current code:
```java
@Bean(name = "exceptionRenderer")
public CustomExceptionRenderer getCustomExceptionRenderer() {
    CustomExceptionRenderer customExceptionRenderer = new CustomExceptionRenderer();
    return customExceptionRenderer;
}

@Bean(name = "exceptionTranslator")
public CustomExceptionTranslator getWebResponseExceptionTranslator() {
    CustomExceptionTranslator customExceptionTranslator = new CustomExceptionTranslator();
    return customExceptionTranslator;
}

@Bean(name = "clientAuthenticationEntryPoint")
public CustomOAuth2AuthenticationEntryPoint getClientAuthenticationEntryPoint() throws Exception {
    CustomOAuth2AuthenticationEntryPoint customOAuth2AuthenticationEntryPoint = new CustomOAuth2AuthenticationEntryPoint();
    customOAuth2AuthenticationEntryPoint.setExceptionTranslator(getWebResponseExceptionTranslator());
    customOAuth2AuthenticationEntryPoint.setExceptionRenderer(getCustomExceptionRenderer());
    return customOAuth2AuthenticationEntryPoint;
}
```
How to inject my CustomExceptionTranslator in the TokenPoint during runtime?
I am always getting the DefaultWebResponseExceptionTranslator class.
Help me to configure my custom translator and set my own error messages in the response.
I found a way to do this. You'll need two classes. The first one extends DefaultOAuth2ExceptionRenderer:
```java
import java.util.ArrayList;
import java.util.List;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.security.oauth2.provider.error.DefaultOAuth2ExceptionRenderer;

public class MyOauthExceptionRenderer extends DefaultOAuth2ExceptionRenderer {
    public MyOauthExceptionRenderer() {
        // Replace the default converters with the custom one only
        setMessageConverters(getMessageConverters());
    }

    private List<HttpMessageConverter<?>> getMessageConverters() {
        List<HttpMessageConverter<?>> result = new ArrayList<HttpMessageConverter<?>>();
        result.add(new MyOauthMessageConverter());
        return result;
    }
}
```
Then you need the class which actually converts the object to your own type. Also in this case I use the MappingJackson2HttpMessageConverter class, which basically lets you convert the output to JSON automatically:
```java
import java.io.IOException;
import org.springframework.http.HttpOutputMessage;
import org.springframework.http.converter.HttpMessageNotWritableException;
import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;

public class MyOauthMessageConverter extends MappingJackson2HttpMessageConverter {
    @Override
    protected void writeInternal(Object object, HttpOutputMessage outputMessage) throws IOException, HttpMessageNotWritableException {
        super.writeInternal(transformObject(object), outputMessage);
    }

    protected Object transformObject(Object object) {
        // ApiResponse is just my own class, replace it with anything you wanna return
        ApiResponse response = new ApiResponse();
        response.setError(true);
        response.setErrorCode(Errors.ERROR_OAUTH.getCode());
        response.setErrorMessage(object.toString());
        if (object instanceof OAuth2Exception) {
            // ....custom code for OAuth2Exception
        }
        return response;
    }
}
```
Hope this helps.
@dsyer Hi, with the latest release of spring 5.0.0, does anything get simplified for configuring custom response handlers to Authorization exceptions (org.springframework.security.authentication.InsufficientAuthenticationException)?
I am currently looking into configuring OAuth2AuthenticationEntryPoint to overwrite its _ResponseEntity
This is in context of configuring a standalone app that is a ResourceServer which extends its own ResourceServerConfigurerAdapter.
In case of resource server you may inject your ExceptionTranslator like here (code is in Kotlin):
```kotlin
import com.payconiq.document.rest.v1.error.CustomWebResponseExceptionTranslator
import org.springframework.context.annotation.Configuration
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer
import org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint

@Configuration
class OAuth2ResourceServerConfiguration : ResourceServerConfigurerAdapter() {
    override fun configure(resources: ResourceServerSecurityConfigurer) {
        // The entry point handles authentication failures and uses the custom translator
        val authenticationEntryPoint = OAuth2AuthenticationEntryPoint()
        authenticationEntryPoint.setExceptionTranslator(CustomWebResponseExceptionTranslator())
        resources.authenticationEntryPoint(authenticationEntryPoint)
    }
}
```
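Added example (Java; not code from any comment in this thread or from the project): a translator that keeps the default status and headers and adds the `code` field asked for in the first post, wired into a resource server for both the 401 entry point and the 403 access-denied handler. The class names and every numeric code other than 123 are assumptions, and it assumes spring-security-oauth2 2.x on the classpath.

```java
import java.util.HashMap;
import java.util.Map;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.ResponseEntity;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.error.DefaultWebResponseExceptionTranslator;
import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler;
import org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint;

// Hypothetical class: maps the OAuth2 error name to an application code (constructed values).
class CodedExceptionTranslator extends DefaultWebResponseExceptionTranslator {
    private static final Map<String, String> CODES = new HashMap<String, String>();
    static {
        CODES.put(OAuth2Exception.INVALID_TOKEN, "123");      // value from the question
        CODES.put(OAuth2Exception.INSUFFICIENT_SCOPE, "124"); // constructed
        CODES.put(OAuth2Exception.ACCESS_DENIED, "125");      // constructed
    }

    @Override
    public ResponseEntity<OAuth2Exception> translate(Exception e) throws Exception {
        // The default translator chooses the status, headers and OAuth2Exception body.
        ResponseEntity<OAuth2Exception> response = super.translate(e);
        OAuth2Exception body = response.getBody();
        String code = CODES.get(body.getOAuth2ErrorCode());
        // Additional information is a String map, so this renders as "code":"123".
        body.addAdditionalInformation("code", code != null ? code : "100");
        return response;
    }
}

@Configuration
@EnableResourceServer
public class CodedResourceServerConfig extends ResourceServerConfigurerAdapter {
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        CodedExceptionTranslator translator = new CodedExceptionTranslator();
        // 401 path: missing, expired or invalid token.
        OAuth2AuthenticationEntryPoint entryPoint = new OAuth2AuthenticationEntryPoint();
        entryPoint.setExceptionTranslator(translator);
        // 403 path: authenticated but not allowed.
        OAuth2AccessDeniedHandler deniedHandler = new OAuth2AccessDeniedHandler();
        deniedHandler.setExceptionTranslator(translator);
        resources.authenticationEntryPoint(entryPoint).accessDeniedHandler(deniedHandler);
    }
}
```

Because the extra field is written as a string, a numeric `"code": 123` needs a custom renderer or message converter rather than a translator alone.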