Hi Adrian,
sorry for late response.
Not sure if the (CXF's) RestServiceExceptionMapper takes place here: as
fas as I've understood, in case of invalid credentials the request does
not even come to CXF, and the error is completely managed by Spring
Security.
It seems also to me to remember that it is not obvious how to alter the
Spring Security error handling without breaking the authentication chain
- remember that Basic Authentication is used either as such (for all
services) and to obtain a JWT instance which can be then used to access
all services.
Anyway, if you find some time to work on this, I'd recommend a PR rather
than a Java file attached via e-mail (it looks so 90ties..) :-)
Regards.
On 15/09/2017 17:08, Adrian Gonzalez wrote:
Hi Francesco,
I'll try something - not sure if next week or the one after.
In the meantime I've quickly developed this class (attached).
It really needs more polishing:
- I'd like to do a bridge to RestServiceExceptionMapper so we have a
central place for error handlig (but it's JAX-RS and I'm at servlet
layer here).
- I'd need to add types and codes in ClientExceptionType
- I'd need to add the same customisation for syncopeAccessDeniedHandler
Thanks,
Adrian
Le vendredi 15 septembre 2017 à 15:28:56 UTC+2, Francesco Chicchiriccò
a écrit :
On 15/09/2017 15:17, Adrian Gonzalez wrote:
Hello,
I'm using Syncope 2.0.5.
I'm calling /self REST API with invalid credentials
(withcontent-type: application/json .)
/self returns HTML code and not a JSON message body.
i.e.
```
curl -X GET \
http://localhost:9080/syncope/rest/users/self \
-H 'authorization: Basic YmVsbGluaTpiZWxsaW5pNjY1' \
-H 'cache-control: no-cache' \
-H 'content-type: application/json' \
-H 'postman-token: 477ebc5a-6350-4ba5-a8a2-4d6ecea31712'
```
Returns an HTML error page i.e;
HTTP Status 401 –
Unauthorized...Message User bellini not
authenticatedDescription The request has not been
applied because it lacks valid authentication credentials for the
target resource.Apache
Tomcat/8.5.20
Shouldn't it be valid json (since I requested json ?)
The pb is that when I use the syncope client REST API, I get:
2017-09-15 11:17:13.625 -ERROR [http-apr-9080-exec-6]
org.apache.cxf.jaxrs.utils.JAXRSUtils : No message body reader has
been found for class java.util.List, ContentType: text/html;charset=utf-8
2017-09-15 11:17:13.626 -DEBUG [http-apr-9080-exec-6]
o.a.s.c.lib.RestClientExceptionMapper : Could not read
org.apache.syncope.common.lib.to.ErrorTO list, attempting to read
headers...
javax.ws.rs.client.ResponseProcessingException: No message body
reader has been found for class java.util.List, ContentType:
text/html;charset=utf-8
at
org.apache.cxf.jaxrs.impl.ResponseImpl.reportMessageHandlerProblem(ResponseImpl.java:439)
at
org.apache.cxf.jaxrs.impl.ResponseImpl.doReadEntity(ResponseImpl.java:390)
at
org.apache.cxf.jaxrs.impl.ResponseImpl.readEntity(ResponseImpl.java:326)
at
org.apache.cxf.jaxrs.impl.ResponseImpl.readEntity(ResponseImpl.java:314)
at
org.apache.syncope.client.lib.RestClientExceptionMapper.checkSyncopeClientCompositeException(RestClientExceptionMapper.java:98)
at
org.apache.syncope.client.lib.RestClientExceptionMapper.fromResponse(RestClientExceptionMapper.java:53)
at
org.apache.syncope.client.lib.RestClientExceptionMapper.fromResponse(RestClientExceptionMapper.java:42)
at
org.apache.cxf.jaxrs.client.ClientProxyImpl.checkResponse(ClientProxyImpl.java:313)
at
org.apache.cxf.jaxrs.client.ClientProxyImpl.handleResponse(ClientProxyImpl.java:876)
at
org.apache.cxf.jaxrs.client.ClientProxyImpl.doChainedInvocation(ClientProxyImpl.java:789)
at
org.apache.cxf.jaxrs.client.ClientProxyImpl.invoke(ClientProxyImpl.java:235)
at com.sun.proxy.$Proxy641.read(Unknown Source)
at
org.apache.syncope.client.lib.SyncopeClient.self(SyncopeClient.java:132)
Should we modify
the org.apache.syncope.core.spring.security.SyncopeBasicAuthenticationEntryPoint
? (not super because we'd need to handle manually XML and JSON
formatting)
Hi Adrian,
your proposal makes sense but I remember (not well enough,
unfortunately) that there were some related issues when attempting to
change the AuthenticationEntryPoint due to some Spring Security internals.
Anyway, your contribution is more than welcome, as usual!
Regards.
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/