Announcement Announcement Module
Collapse
No announcement yet.
OAuth 1.0 Custom Error Responses Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • OAuth 1.0 Custom Error Responses

    Hi,

    I'm using OAuth 1.0 in a 2-legged configuration and I'm trying to customise the error response sent back to the client.

    There are a number of possible exceptions that can be raised by ProtectedResourceProcessingFilter, and more specifically by the class it extends OAuthProviderProcessingFilter and it's doFilter() method.

    The exceptions are caught in the following block of code and dispatched as necessary:

    Code:
            
    catch (AuthenticationException ae) {
              fail(request, response, ae);
            }
            catch (ServletException e) {
              if (e.getRootCause() instanceof AuthenticationException) {
                fail(request, response, (AuthenticationException) e.getRootCause());
              }
              else {
                throw e;
              }
            }
    The fail() method gets called and in here the error is dealt with. There is a reference to the authetication entry point but although I set this as the <http> entry point, it never gets called. The code is the following:

    Code:
      protected void fail(HttpServletRequest request, HttpServletResponse response, AuthenticationException failure) throws IOException, ServletException {
        SecurityContextHolder.getContext().setAuthentication(null);
    
        if (log.isDebugEnabled()) {
          log.debug(failure);
        }
    
        if (failure instanceof InvalidOAuthParametersException) {
          response.sendError(400, failure.getMessage());
        }
        else if (failure.getCause() instanceof UnsupportedSignatureMethodException) {
          response.sendError(400, failure.getMessage());
        }
        else {
          authenticationEntryPoint.commence(request, response, failure);
        }
      }
    The question is, how can I override this method? or if there is a more systematic way of modifing the error responses?

    I'm not quite sure how I should go about replacing this specific filter with my own.

    Thanks,

    Ale

  • #2
    Originally posted by Ale View Post
    I'm not quite sure how I should go about replacing this specific filter with my own.
    That's probably the easiest thing to do. You just define a bean definition to override the one created by the namespace, i.e. after the <oauth:/> element and with the same bean id (I can see from OAuthProviderBeanDefinitionParser that it is "oauthProtectedResourceFilter").

    Comment


    • #3
      Thanks! Not sure why I didn't think of looking in the Parser

      Comment

      Working...
      X