Handle authentication errors to avoid being reported as 500

This commit is contained in:
Paulo Gustavo Veiga 2023-12-12 18:07:44 -08:00
parent 19d083e218
commit 712fbaa3a7
3 changed files with 10 additions and 8 deletions

View File

@ -1,11 +1,9 @@
package com.wisemapping.config; package com.wisemapping.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan; import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ImportResource; import org.springframework.context.annotation.ImportResource;
import org.springframework.transaction.TransactionManager;
import org.springframework.transaction.annotation.EnableTransactionManagement; import org.springframework.transaction.annotation.EnableTransactionManagement;
import org.springframework.web.servlet.HandlerExceptionResolver; import org.springframework.web.servlet.HandlerExceptionResolver;
import org.springframework.web.servlet.ViewResolver; import org.springframework.web.servlet.ViewResolver;

View File

@ -37,6 +37,7 @@ import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.i18n.LocaleContextHolder; import org.springframework.context.i18n.LocaleContextHolder;
import org.springframework.context.support.ResourceBundleMessageSource; import org.springframework.context.support.ResourceBundleMessageSource;
import org.springframework.http.HttpStatus; import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.ResponseStatus; import org.springframework.web.bind.annotation.ResponseStatus;
@ -55,9 +56,6 @@ public class BaseController {
@Autowired @Autowired
ServletContext context; ServletContext context;
@Autowired
private NotificationService notificationService;
@ExceptionHandler(IllegalArgumentException.class) @ExceptionHandler(IllegalArgumentException.class)
@ResponseStatus(HttpStatus.BAD_REQUEST) @ResponseStatus(HttpStatus.BAD_REQUEST)
@ResponseBody @ResponseBody
@ -65,9 +63,16 @@ public class BaseController {
return new RestErrors(ex.getMessage(), Severity.WARNING); return new RestErrors(ex.getMessage(), Severity.WARNING);
} }
@ExceptionHandler(AuthenticationCredentialsNotFoundException.class)
@ResponseStatus(HttpStatus.FORBIDDEN)
public RestErrors handleAuthException(@NotNull final AuthenticationCredentialsNotFoundException ex) {
logger.debug(ex.getMessage(), ex);
return new RestErrors("Authentication exception. Session must be expired. Try logging again.", Severity.INFO);
}
@ExceptionHandler(ValidationException.class) @ExceptionHandler(ValidationException.class)
@ResponseStatus(HttpStatus.BAD_REQUEST) @ResponseStatus(HttpStatus.BAD_REQUEST)
public RestErrors handleValidationErrors(@NotNull ValidationException ex) { public RestErrors handleValidationErrors(@NotNull final ValidationException ex) {
logger.debug(ex.getMessage(), ex); logger.debug(ex.getMessage(), ex);
return new RestErrors(ex.getErrors(), messageSource); return new RestErrors(ex.getErrors(), messageSource);
} }
@ -120,7 +125,7 @@ public class BaseController {
public RestErrors handleServerErrors(@NotNull Exception ex, @NotNull HttpServletRequest request) { public RestErrors handleServerErrors(@NotNull Exception ex, @NotNull HttpServletRequest request) {
logger.error(ex.getMessage(), ex); logger.error(ex.getMessage(), ex);
final User user = Utils.getUser(false); final User user = Utils.getUser(false);
notificationService.reportJavaException(ex, user, request); // notificationService.reportJavaException(ex, user, request);
return new RestErrors(ex.getMessage(), Severity.SEVERE); return new RestErrors(ex.getMessage(), Severity.SEVERE);
} }

View File

@ -109,7 +109,6 @@ public class MindmapController extends BaseController {
@RequestMapping(method = RequestMethod.PUT, value = "/maps/{id}/document", consumes = {"application/json"}, produces = {"application/json"}) @RequestMapping(method = RequestMethod.PUT, value = "/maps/{id}/document", consumes = {"application/json"}, produces = {"application/json"})
@ResponseStatus(value = HttpStatus.NO_CONTENT) @ResponseStatus(value = HttpStatus.NO_CONTENT)
@PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')") @PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')")
public void updateDocument(@RequestBody RestMindmap restMindmap, @PathVariable int id, @RequestParam(required = false) boolean minor) throws WiseMappingException, IOException { public void updateDocument(@RequestBody RestMindmap restMindmap, @PathVariable int id, @RequestParam(required = false) boolean minor) throws WiseMappingException, IOException {
final Mindmap mindmap = findMindmapById(id); final Mindmap mindmap = findMindmapById(id);