Skip to content

Reactive OAuthResourceServerSpec should allow custom error handling #6052

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
jzheaux opened this issue Nov 6, 2018 · 1 comment · Fixed by #6057
Closed

Reactive OAuthResourceServerSpec should allow custom error handling #6052

jzheaux opened this issue Nov 6, 2018 · 1 comment · Fixed by #6057
Assignees
@jzheaux
Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
Milestone
5.2.0.M1

Comments

@jzheaux
Copy link
Contributor

jzheaux commented Nov 6, 2018

Servlet-based Spring Security allows for custom error handling via the DSL:

http
    .oauth2ResourceServer()
        .accessDeniedHandler(...)
        .authenticationEntryPoint(...)
        ....

It would be nice if Spring Security WebFlux Resource Server could do the same.
@jzheaux jzheaux added New Feature in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) labels Nov 6, 2018
@jzheaux jzheaux added this to the 5.2.x milestone Nov 6, 2018
@jzheaux jzheaux mentioned this issue Nov 6, 2018
Closed
@sepanniemi
Copy link

Should it be possible to customize the error handling via ExceptionHandlingSpec in ServerHttpSecurity?

It seems that currently defining access denied handler like this has an effect

serverHttpSecurity
            .exceptionHandling()
                .accessDeniedHandler(accessDeniedHandler)

but defining authentication entry point in a similar way does not have an effect.

serverHttpSecurity
            .exceptionHandling()
                .authenticationEntryPoint(authEntryPoint)

and that's because AuthWebFilter is getting a hardcoded authentication entry point in the configuration?

https://github.com/spring-projects/spring-security/blob/master/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java#L988

@jzheaux jzheaux self-assigned this Nov 7, 2018
jzheaux added a commit to jzheaux/spring-security that referenced this issue Nov 7, 2018
@jzheaux
Custom Bearer Token Error Handling Support
4946fa5 
Users can specify a custom access denied handler and authentication
entry point for reactive resource servers.

Fixes: spring-projectsgh-6052
@jzheaux jzheaux mentioned this issue Nov 7, 2018
Merged
@rwinch rwinch removed this from the 5.2.x milestone Nov 7, 2018
rwinch pushed a commit that referenced this issue Nov 7, 2018
@jzheaux @rwinch
Custom Bearer Token Error Handling Support
9a13f9a 
Users can specify a custom access denied handler and authentication
entry point for reactive resource servers.

Fixes: gh-6052
@rwinch rwinch added this to the 5.2.0.M1 milestone Nov 7, 2018
jzheaux added a commit that referenced this issue Nov 12, 2018
@jzheaux
Policy OAuth2ResourceServerSpecTests
8eedb39 
Issue: gh-6052
jer051 pushed a commit to jer051/spring-security that referenced this issue Nov 21, 2018
@jzheaux
Policy OAuth2ResourceServerSpecTests
f262ac9 
Issue: spring-projectsgh-6052
@rwinch rwinch added the type: enhancement A general enhancement label May 3, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jzheaux jzheaux

Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
Projects
None yet
Milestone
5.2.0.M1
Development

Successfully merging a pull request may close this issue.

Add Reactive Custom Bearer Token Error Handling Support jzheaux/spring-security
3 participants
@rwinch @jzheaux @sepanniemi