Menu
I am using postman to send a username and password without value to my server; it's like username=null and password=null.
To control the security of my server, I use spring security 3.2. When it receives these credentials spring-security responds with this error.
Estado HTTP 500 - Fields must not be empty
java.lang.IllegalArgumentException: Cannot pass null or empty values to constructor
org.springframework.security.core.userdetails.User.<init>(User.java:99)
org.springframework.security.core.userdetails.User.<init>(User.java:69)
com.equifax.product.fraud.applicationprocessing.web.rest.interceptors.security.SecurityAuthenticationProvider.retrieveUser(SecurityAuthenticationProvider.java:59)
org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:132)
org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:177)
org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:168)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
I want output JSON with custom message with the error, how can I do that?
This is my security.xml:
<security:http create-session="never" use-expressions="true"
auto-config="false">
<security:intercept-url pattern="/application/**"
access="isFullyAuthenticated()" />
<security:anonymous />
<security:http-basic entry-point-ref="securityAccessDeniedEntryPoint" />
<security:access-denied-handler ref="securityAccessDeniedHandler" />
</security:http>
<security:authentication-manager alias="authenticationManager"
erase-credentials="false">
<security:authentication-provider
ref="genericSecurityAuthenticationProvider" />
</security:authentication-manager>
I'am using Spring 3.2
431
You are passing the basic authentication String ":" (after base64 decoding), so as you say this results in an empty password an username. The BasicAuthenticationFilter passes these to the authentication provider, which is your custom code (SecurityAuthenticationProvider) so it's impossible to say exactly what it does. Somewhere in there are you are creating a User instance with those values, which throws the exception you are seeing. Instead you should check for empty values in your AuthenticationProvider and throw an Authenticationexception.
You will also need to override the onUnsuccessfulAuthentication function in the BasicAuthenticationFilter to write the error response you want. You'll have to configure it as a custom filter, rather than using the <security:http-basic /> element.
63
Use the standard exception of spring security, it will handle by itself if you already have an exception handler to transform the messages into Json response.
catch (Exception exception)
{
throw new AuthenticationCredentialsNotFoundException("Fields must not be empty", exception);
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
