Search in sources :

Example 1 with GenericServerErrorResult

use of org.summerb.utils.exceptions.dto.GenericServerErrorResult in project summerb by skarpushin.

the class RestAuthenticationFailureHandler method onAuthenticationFailure.

@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
    FieldValidationException fve = ExceptionUtils.findExceptionOfType(exception, FieldValidationException.class);
    if (fve != null) {
        response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
        jsonResponseHelper.writeResponseBody(new ValidationErrors(fve.getErrors()), response);
        return;
    }
    response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
    GenericServerErrorResult responseBody = new GenericServerErrorResult(exceptionTranslator.buildUserMessage(exception, LocaleContextHolder.getLocale()), new ExceptionInfo(exception));
    jsonResponseHelper.writeResponseBody(responseBody, response);
}
Also used : FieldValidationException(org.summerb.approaches.validation.FieldValidationException) ValidationErrors(org.summerb.approaches.validation.ValidationErrors) GenericServerErrorResult(org.summerb.utils.exceptions.dto.GenericServerErrorResult) ExceptionInfo(org.summerb.utils.exceptions.dto.ExceptionInfo)

Example 2 with GenericServerErrorResult

use of org.summerb.utils.exceptions.dto.GenericServerErrorResult in project summerb by skarpushin.

the class RestExceptionTranslator method determineFailureResult.

private DtoBase determineFailureResult(Exception ex, HttpServletRequest request, HttpServletResponse response) {
    // first see if it is FVE
    FieldValidationException fve = ExceptionUtils.findExceptionOfType(ex, FieldValidationException.class);
    if (fve != null) {
        response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
        return fve.getErrorDescriptionObject();
    }
    boolean translateAuthErrors = Boolean.TRUE.equals(Boolean.valueOf(request.getHeader(X_TRANSLATE_AUTHORIZATION_ERRORS)));
    GenericServerErrorResult ret = null;
    if (translateAuthErrors) {
        ret = new GenericServerErrorResult(exceptionTranslator.buildUserMessage(ex, LocaleContextHolder.getLocale()), new ExceptionInfo(ex));
    }
    NotAuthorizedException naex = ExceptionUtils.findExceptionOfType(ex, NotAuthorizedException.class);
    if (naex != null) {
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        return ret != null ? ret : naex.getResult();
    }
    AuthenticationException ae = ExceptionUtils.findExceptionOfType(ex, AuthenticationException.class);
    if (ae != null) {
        // NOTE: See how we did that in AuthenticationFailureHandlerImpl...
        // Looks like we need to augment our custom RestLoginFilter so it
        // will put username to request
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return ret != null ? ret : new NotAuthorizedResult("(username not resolved)", SecurityMessageCodes.AUTH_FATAL);
    }
    AccessDeniedException ade = ExceptionUtils.findExceptionOfType(ex, AccessDeniedException.class);
    if (ade != null) {
        if (authenticationTrustResolver.isAnonymous(SecurityContextHolder.getContext().getAuthentication())) {
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return ret != null ? ret : new NotAuthorizedResult(getCurrentUser(null), SecurityMessageCodes.LOGIN_REQUIRED);
        }
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        return ret != null ? ret : new NotAuthorizedResult(getCurrentUser(null), SecurityMessageCodes.ACCESS_DENIED);
    }
    CurrentUserNotFoundException cunfe = ExceptionUtils.findExceptionOfType(ex, CurrentUserNotFoundException.class);
    if (cunfe != null) {
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return ret != null ? ret : new NotAuthorizedResult(getCurrentUser(null), SecurityMessageCodes.LOGIN_REQUIRED);
    }
    // TODO: Do we really need to send whole stack trace to client ??? I think we
    // should do it only during development
    response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
    return new GenericServerErrorResult(exceptionTranslator.buildUserMessage(ex, LocaleContextHolder.getLocale()), new ExceptionInfo(ex));
}
Also used : FieldValidationException(org.summerb.approaches.validation.FieldValidationException) AccessDeniedException(org.springframework.security.access.AccessDeniedException) AuthenticationException(org.springframework.security.core.AuthenticationException) NotAuthorizedResult(org.summerb.approaches.security.api.dto.NotAuthorizedResult) CurrentUserNotFoundException(org.summerb.approaches.security.api.CurrentUserNotFoundException) NotAuthorizedException(org.summerb.approaches.security.api.exceptions.NotAuthorizedException) GenericServerErrorResult(org.summerb.utils.exceptions.dto.GenericServerErrorResult) ExceptionInfo(org.summerb.utils.exceptions.dto.ExceptionInfo)

Aggregations

FieldValidationException (org.summerb.approaches.validation.FieldValidationException)2 ExceptionInfo (org.summerb.utils.exceptions.dto.ExceptionInfo)2 GenericServerErrorResult (org.summerb.utils.exceptions.dto.GenericServerErrorResult)2 AccessDeniedException (org.springframework.security.access.AccessDeniedException)1 AuthenticationException (org.springframework.security.core.AuthenticationException)1 CurrentUserNotFoundException (org.summerb.approaches.security.api.CurrentUserNotFoundException)1 NotAuthorizedResult (org.summerb.approaches.security.api.dto.NotAuthorizedResult)1 NotAuthorizedException (org.summerb.approaches.security.api.exceptions.NotAuthorizedException)1 ValidationErrors (org.summerb.approaches.validation.ValidationErrors)1