Reputation: 1282
How to return different error message resolved by concrete derived AuthenticationException type in custom AuthenticationFailureHandler
I am using Spring Security to construct my blog application's authentication/authorization. We've decided to use RESTful api, in order to return json message to the client while handling the authentication error in the server side, i have to write custom AuthenticationFailureHandler, like:
public class RganAuthenticationFailureHandler implements AuthenticationFailureHandler {
private static Logger logger = LoggerFactory.getLogger(RganAuthenticationFailureHandler.class);
@Override
public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {
httpServletResponse.setContentType(MediaType.APPLICATION_JSON_VALUE);
httpServletResponse.setStatus(HttpStatus.UNAUTHORIZED.value());
httpServletResponse.getWriter().write("some description");
}
}
The AuthenticationException have some concrete derived type, describe what's the exact error, like:
UsernameNotFoundException, BadCredentialsException, AuthenticationServiceException...
It seems to me that i should return different error message for different exception type. For example, for UsernameNotFoundException and BadCredentialsException, i might return "wrong username or password, for AuthenticationServiceException, i might return "some sth wrong happen during getting your credentials, please retry later" and a different HTTP status code(like 500).
Now here's the problem, i know i can write code like:
if(e instanceof UsernameNotFoundException || e instanceof BadCredentialsException){
httpServletResponse.getWriter.write("message1");
}else if(e instance of AuthenticationServiceException){
httpServletResponse.getWriter.write("message2");
}else if(...){
// ...
}
to handle this, but it seems not to be the best solution, i have to write a serie of else if block.
I've read some post like https://stackoverflow.com/a/46530064/8510613, it seems that use @ControllerAdvice and HandlerExceptionResolver is also not the best solution.
So how should i handle this problem?
Upvotes: 1
Views: 368
Answers (1)
Reputation: 4620
You could make the decision further up the stack by using DelegatingAuthenticationFailureHandler
An AuthenticationFailureHandler that delegates to other AuthenticationFailureHandler instances based upon the type of AuthenticationException passed into onAuthenticationFailure
Upvotes: 1
Related Questions
- Spring Boot and Spring Security, can't send error with custom message in AuthenticationEntryPoint
- Customize authentication failure response in Spring Security using AuthenticationFailureHandler
- How to Customize "Bad credentials" error response in Spring Security?
- Handle AuthenticationException in Spring 5 with custom authentication
- How to handle different authentication exceptions in Spring security 3.1?
- Spring custom AuthenticationFailureHandler
- How to handle exceptions properly in custom Spring security 3.0 authentication?
- Spring Security custom message for "Authentication method not supported: GET"
- Spring Security: Custom exception message from UserDetailsService
- Throwing Custom Exception and Display Error Message from Custom AuthenticationProvider