use of org.summerb.utils.exceptions.dto.ExceptionInfo in project summerb by skarpushin.
the class RestAuthenticationFailureHandler method onAuthenticationFailure.
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
FieldValidationException fve = ExceptionUtils.findExceptionOfType(exception, FieldValidationException.class);
if (fve != null) {
response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
jsonResponseHelper.writeResponseBody(new ValidationErrors(fve.getErrors()), response);
return;
}
response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
GenericServerErrorResult responseBody = new GenericServerErrorResult(exceptionTranslator.buildUserMessage(exception, LocaleContextHolder.getLocale()), new ExceptionInfo(exception));
jsonResponseHelper.writeResponseBody(responseBody, response);
}
use of org.summerb.utils.exceptions.dto.ExceptionInfo in project summerb by skarpushin.
the class RestExceptionTranslator method determineFailureResult.
private DtoBase determineFailureResult(Exception ex, HttpServletRequest request, HttpServletResponse response) {
// first see if it is FVE
FieldValidationException fve = ExceptionUtils.findExceptionOfType(ex, FieldValidationException.class);
if (fve != null) {
response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
return fve.getErrorDescriptionObject();
}
boolean translateAuthErrors = Boolean.TRUE.equals(Boolean.valueOf(request.getHeader(X_TRANSLATE_AUTHORIZATION_ERRORS)));
GenericServerErrorResult ret = null;
if (translateAuthErrors) {
ret = new GenericServerErrorResult(exceptionTranslator.buildUserMessage(ex, LocaleContextHolder.getLocale()), new ExceptionInfo(ex));
}
NotAuthorizedException naex = ExceptionUtils.findExceptionOfType(ex, NotAuthorizedException.class);
if (naex != null) {
response.setStatus(HttpServletResponse.SC_FORBIDDEN);
return ret != null ? ret : naex.getResult();
}
AuthenticationException ae = ExceptionUtils.findExceptionOfType(ex, AuthenticationException.class);
if (ae != null) {
// NOTE: See how we did that in AuthenticationFailureHandlerImpl...
// Looks like we need to augment our custom RestLoginFilter so it
// will put username to request
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
return ret != null ? ret : new NotAuthorizedResult("(username not resolved)", SecurityMessageCodes.AUTH_FATAL);
}
AccessDeniedException ade = ExceptionUtils.findExceptionOfType(ex, AccessDeniedException.class);
if (ade != null) {
if (authenticationTrustResolver.isAnonymous(SecurityContextHolder.getContext().getAuthentication())) {
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
return ret != null ? ret : new NotAuthorizedResult(getCurrentUser(null), SecurityMessageCodes.LOGIN_REQUIRED);
}
response.setStatus(HttpServletResponse.SC_FORBIDDEN);
return ret != null ? ret : new NotAuthorizedResult(getCurrentUser(null), SecurityMessageCodes.ACCESS_DENIED);
}
CurrentUserNotFoundException cunfe = ExceptionUtils.findExceptionOfType(ex, CurrentUserNotFoundException.class);
if (cunfe != null) {
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
return ret != null ? ret : new NotAuthorizedResult(getCurrentUser(null), SecurityMessageCodes.LOGIN_REQUIRED);
}
// TODO: Do we really need to send whole stack trace to client ??? I think we
// should do it only during development
response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
return new GenericServerErrorResult(exceptionTranslator.buildUserMessage(ex, LocaleContextHolder.getLocale()), new ExceptionInfo(ex));
}
Aggregations