Return RESTful / json response instead of Spring boot OAUTH2 login form

Question

Return RESTful / json response instead of Spring boot OAUTH2 login form

I am trying to return a json response when the user is not registered, instead of returning the login form in html.

The application uses only @RestController, and I do not need online support.

http .authorizeRequests() .anyRequest().authenticated() .and() .formLogin() .and() .httpBasic().disable();

When I receive a request using a browser or a postman, I get back the default spring HTML login form.

 security.basic.enabled=true

I use OATH2, and when I request a token, it works fine, and I get a response like this:

 { "access_token": "227803d1-fe94-4e31-b496-3a03bafb9479", "token_type": "bearer", "refresh_token": "322f4ee9-4c48-4e06-a129-f4b6af93d664", "expires_in": 43199, "scope": "read write" }

Somehow it works correctly in this example:

https://github.com/royclarkson/spring-rest-service-oauth

And when I have not logged in, I want to return something like this:

 { "error": "unauthorized", "error_description": "An Authentication object was not found in the SecurityContext" }

But I get the login form, and I want to get the answer above. What am I doing wrong? I involuntarily understand why it works in the GitHub example, and not in my case. Is there a way to completely disable the login form and force json to respond?

+1

json rest spring-boot spring-security

Kramer Mar 29 '17 at 8:38

source share

2 answers

chaoluo · Answer 1 · 2017-03-30T15:59:10+0000

AuthenticationEntryPoint used to handle spring security exceptions.

If you added oauth2 to your pom, you can use OAuth2AuthenticationEntryPoint for your entry point, the entry point for spring handling security exceptions, if you use the base for your authentication, you can configure it like this

 http .httpBasic().authenticationEntryPoint(getCustomerEntryPoint()); @Bean protected AuthenticationEntryPoint getCustomerEntryPoint() { return new OAuth2AuthenticationEntryPoint(); }

as you can see exception handling in OAuth2AuthenticationEntryPoint

 // Try to extract a SpringSecurityException from the stacktrace Throwable[] causeChain = throwableAnalyzer.determineCauseChain(e); Exception ase = (OAuth2Exception) throwableAnalyzer.getFirstThrowableOfType( OAuth2Exception.class, causeChain); if (ase != null) { return handleOAuth2Exception((OAuth2Exception) ase); } ase = (AuthenticationException) throwableAnalyzer.getFirstThrowableOfType(AuthenticationException.class, causeChain); if (ase != null) { return handleOAuth2Exception(new UnauthorizedException(e.getMessage(), e)); } ase = (AccessDeniedException) throwableAnalyzer .getFirstThrowableOfType(AccessDeniedException.class, causeChain); if (ase instanceof AccessDeniedException) { return handleOAuth2Exception(new ForbiddenException(ase.getMessage(), ase)); } ase = (HttpRequestMethodNotSupportedException) throwableAnalyzer .getFirstThrowableOfType(HttpRequestMethodNotSupportedException.class, causeChain); if (ase instanceof HttpRequestMethodNotSupportedException) { return handleOAuth2Exception(new MethodNotAllowed(ase.getMessage(), ase)); } return handleOAuth2Exception(new ServerErrorException(e.getMessage(), e));

it will try to get an OAuth2Exception , AuthenticationException , AccessDeniedException in order, I think you can use this.

And you can also set up an ExceptionTranslationFilter , this filter is in the spring security chain, and after that it will catch and handle an exception like AuthenticationException , AccessDeniedException , and this is the main entry point and will be useful for most authentication methods like FormLogin .

 http .exceptionHandling().authenticationEntryPoint(getCustomerEntryPoint());

If you are not using spring oauth2, now you understand AuthenticationEntryPoint , so you can also implement your own AuthenticationEntryPoint and configure your response to the exception, just override the commence method, for example

BasicAuthenticationEntryPoint : it will return the header "WWW-Authenticate" LoginUrlAuthenticationEntryPoint : it will be redirected to the destination URL if authentication

Muralidharan.rade · Answer 2 · 2017-11-14T04:37:15+0000

You will need a custom AuthenticationEntryPoint and override the commence() method.

Indeed, the entry point must be registered in Spring Security Configuration

 http.exceptionHandling() .authenticationEntryPoint(restAuthenticationEntryPoint)

Code example:

 public class UserAuthenticationEntryPoint implements AuthenticationEntryPoint { @Override public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException ex) throws IOException, ServletException { response.setContentType("application/json"); response.getOutputStream().print("{\"error\":\"Unauthorized.. Please authenticate..\"}"); response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); } }

Return RESTful / json response instead of Spring boot OAUTH2 login form

More articles: