I'm trying to get the exact motive for a failed autentication (i.e wrong password, user doesn't exist, and so on) problem is, no matter how I try do simulate this actions I always get "Full authentication is required to access this resource", how can I get a more detailed exception ? TKS in advance !
Here's my code:
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
UserService userService;
@Autowired
UnauthorizedCustomResponse unauthorizedCustomResponse;
@Autowired
AccessDeniedCustomResponse accessDeniedCustomResponse;
@Autowired
CryptographyService cryptographyService;
@Override
public void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
authenticationManagerBuilder
.userDetailsService(userService)
.passwordEncoder(cryptographyService.getCryptography());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().and().csrf().disable()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers("/api/auth/signin", "/api/public/**", "/api/private/**").permitAll()
.anyRequest().authenticated()
.and()
.exceptionHandling()
.authenticationEntryPoint(unauthorizedCustomResponse)
.accessDeniedHandler(accessDeniedCustomResponse)
.and()
.httpBasic();
}
}
@Component
public class AccessDeniedCustomResponse implements AccessDeniedHandler {
private final Logger logger = LogManager.getLogger(this.getClass());
@Override
public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException exception)
throws IOException, ServletException {
logger.error("Usuário n?o autenticado: {}", exception.getMessage());
CustomException customException = new CustomException(CustomExceptionMessage.CUSTOM_EXCEPTION_NOT_MAPPED, exception);
customException.flush(response);
}
}
@Component
public class UnauthorizedCustomResponse implements AuthenticationEntryPoint {
private final Logger logger = LogManager.getLogger(this.getClass());
@Override
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception)
throws IOException, ServletException {
logger.error("Acesso n?o autorizado: {}", exception.getMessage());
CustomException customException = new CustomException(CustomExceptionMessage.ACCESS_DENIED, exception);
customException.flush(response);
}
}
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…