Announcement Announcement Module
Collapse
No announcement yet.
Exceptions in Custom AuthFilter Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Exceptions in Custom AuthFilter

    Hello everyone,
    i want to use spring security for my application.
    I have to merge Springsec with my custom SSO that works with a web service.

    I thought to create a custom filter to add to the ss chain.

    Code:
    <sec:http entry-point-ref="authenticationEntryPoint" use-expressions="true">
    <sec:custom-filter before="PRE_AUTH_FILTER" ref="authenticationFilter" /> <sec:access-denied-handler ref="accessDeniedHandler" />
    </sec:http>
    My authenticationFilter provide to call the sso webservice and add grantedauthoritys to the authentication.

    I have a little trouble when an exception is thrown by my sso service. I would like to send the user to the exception handler but it just send it to the servelt and i get a raw 500 internal server error.
    I also tried to catch the exception and throw a AccessDeniedException, but it is the same.
    What i miss?

    thank you.

  • #2
    The AccessDeniedHandler applies to a later stage in the filter chain. It won't handle exceptions thrown from your filter.

    Either customize your filter to catch exceptions or set up an error-page declaration for the 500 code in your web.xml (which you should probably do anyway, since end users should never see exceptions).

    Comment


    • #3
      But do you think that my auth flow is not correct?
      Thanks.

      Comment


      • #4
        Originally posted by Tobia View Post
        But do you think that my auth flow is not correct?
        Thanks.
        No, but as I said the AccessDeniedHandler won't handle exceptions from your filter. It is a strategy used by the ExceptionTranslationFilter.

        Comment


        • #5
          Ok, i understand. But I would know if I could build a better chain with a external ws/sso.

          Thank you. bye.

          Comment


          • #6
            I add the 500 error code, but in my error JSP can I print the exception trace?
            How to access the exception?

            Thank you.

            Comment


            • #7
              Can I also send different Error code instead of 500? Example an 401 for not authenticated? How to do this?

              Thank you.

              Comment


              • #8
                What if you want to catch those filter exceptions programatically?

                Comment

                Working...
                X