security - How to catch AccessDeniedException in Spring Boot REST API -


i have simple spring boot rest api 2 endpoints, 1 protected 1 not. 1 protected, want catch accessdeniedexception , send 401 rather default 500 error. here security configuration:

@configuration @enablewebsecurity public class securityconfig extends websecurityconfigureradapter{  @override public void configure(websecurity websecurity) {     websecurity.ignoring().antmatchers("/"); }  @override protected void configure(httpsecurity http) throws exception {     http             .exceptionhandling()             .accessdeniedhandler(new accessdeniedhandler() {                 @override                 public void handle(httpservletrequest request, httpservletresponse response, org.springframework.security.access.accessdeniedexception accessdeniedexception) throws ioexception, servletexception {                     system.out.println("i here now!!!");                 }             });      http             .addfilterafter(getsecurityfilter(), filtersecurityinterceptor.class);     http             .sessionmanagement()             .sessioncreationpolicy(sessioncreationpolicy.stateless);     http             .csrf()             .disable();     http             .authorizerequests()             .antmatchers("/protected").anonymous(); }  public filter getsecurityfilter() {     return new filter() {         @override         public void init(filterconfig filterconfig) throws servletexception {             //do nothing here         }          @override         public void dofilter(servletrequest request, servletresponse response, filterchain chain) throws ioexception, servletexception {             string appkeyheadervalue = ((httpservletrequest)request).getheader("x-appkey");             if(appkeyheadervalue!=null && appkeyheadervalue.equals("my_key")) {                 chain.dofilter(request,response);             } else {                 throw new accessdeniedexception("access denied man");             }         }          @override         public void destroy() {          }     }; }

}

i never see i here now!!! print statement, instead see default page whitelabel error page application has no explicit mapping /error, seeing fallback. tue jul 25 23:21:15 cdt 2017 there unexpected error (type=internal server error, status=500). access denied man notice how access denied man printed when exception being thrown.

when run project, see following in console: 2017-07-25 23:21:14.818 info 3872 --- [ restartedmain] s.w.s.m.m.a.requestmappinghandlermapping : mapped "{[/error]}" onto public org.springframework.http.responseentity<java.util.map<java.lang.string, java.lang.object>> org.springframework.boot.autoconfigure.web.basicerrorcontroller.error(javax.servlet.http.httpservletrequest) 2017-07-25 23:21:14.818 info 3872 --- [ restartedmain] s.w.s.m.m.a.requestmappinghandlermapping : mapped "{[/error],produces=[text/html]}" onto public org.springframework.web.servlet.modelandview org.springframework.boot.autoconfigure.web.basicerrorcontroller.errorhtml(javax.servlet.http.httpservletrequest,javax.servlet.http.httpservletresponse)

here how project structure looks like:

enter image description here

as suggested @afridi exception occurs before reaches controllers, has handled in filter chain. suggest following :

public class accessdeniedexceptionfilter extends onceperrequestfilter {      @override     public void dofilterinternal(httpservletrequest req, httpservletresponse res,                                  filterchain fc) throws servletexception, ioexception {         try {             fc.dofilter(request, response);         } catch (accessdeniedexception e) {          // log error if needed here redirect      requestdispatcher requestdispatcher =               getservletcontext().getrequestdispatcher(redirecturl);      requestdispatcher.forward(request, response);      } }

add filter filter chain in

protected void configure(httpsecurity http) throws exception { http .... .addfilterafter(httpclientfilter(), accessdeniedexceptionfilter.class)

Comments

Post a Comment

Popular posts from this blog

node.js - Node js - Trying to send POST request, but it is not loading javascript content -

i have been trying send post request website, , has not been loading full site. i guessing problem node js not loading javascript content, executing it. can see javascript in response, though never loads content javascript files producing in html. what mean is, doesn't execute javascript. how make node js code overcome this, , wait the full website load? have tried native code, , "request' module, both producing same errors. if helps, don't need native javascript. modules fine. some code have tried (request module): var options = { method: 'post', uri: 'https://url', formdata: { 'email': 'email', 'prize': '0', 'transactional': 'on' }, headers: { /* 'content-type': 'application/x-www-form-urlencoded' */ // set automatically } }; rp(options) .then(function (body) { console.log(body) }) .catch(function (err) { console.log(err) }); when fetch content...
Read more

javascript - Replicate keyboard event with html button -

i have tried few ways make happen. have javascript pinball game uses keyboard keys controls. converting application touch screen display. workaround, hoping overlay buttons when clicked simulate keyboard strokes. have done research , sounds should work. using jquery v3.2.1 here things have tried far... html element: <input type="button" class="coil"></input> $('.coil').trigger({type: 'keydown', which: 40, keycode: 40}); with this, not errors, nothing happens. var coilkey = $('body').keydown(function(e) { switch (e.keycode) { case 40: break;} }) $('.coil').click(coilkey); this 1 returns error in console... ((jquery.event.special[handleobj.origtype] || (intermediate value)).handle || handleobj.handler).apply not function below javascript game engine handles key listeners... addkeylistener: function (keyandlistener) { this.keylisteners.push(keyandlistener); }, // gi...
Read more

javascript - Web audio api 5.1 surround example not working in firefox -

i've been playing lott lately web audio api on both firefox , chrome. few days ago started experiment surround set. when trying surround audio in web audio api came notice example works fine in chrome v59 not in firefox v54. // create web audio api context var audioctx = new (window.audiocontext || window.webkitaudiocontext)(); audioctx.destination.channelinterpretation = 'discrete'; audioctx.destination.channelcountmode = 'explicit'; audioctx.destination.channelcount = 6; var oscillators = []; var merger = audioctx.createchannelmerger(6); console.log(audioctx.destination, merger); //merger.channelinterpretation = 'discrete'; //merger.channelcountmode = 'explicit'; //merger.channelcount = 6; var addoscilator = function(channel, frequency) { var oscillator = audioctx.createoscillator(); oscillator.frequency.value = frequency; // value in hertz oscillator.connect(merger,0,channel); oscillator.start(); oscillators.push(o...
Read more