
How is Spring Security's BadCredentialsException mapped to the HTTP 401 code?

When I throw an org.springframework.security.authentication.BadCredentialsException exception, the client displays 401 as below:

{
  "timestamp": "2016-03-29T09:07:50.866+0000",
  "status": 401,
  "error": "Unauthorized",
  "message": "Some message",
  "path": "/test/service1/getAll"
}

I want to know where and how the BadCredentialsException is mapped to the HTTP 401 status code.

Harshana asked Mar 29 '16 09:03



1 Answer

It's ExceptionTranslationFilter that handles exceptions thrown by the security interceptors and provides suitable HTTP responses:

The ExceptionTranslationFilter sits above the FilterSecurityInterceptor in the security filter stack. It doesn’t do any actual security enforcement itself, but handles exceptions thrown by the security interceptors and provides suitable HTTP responses.

Check out the Spring Security documentation for more information here and here.

Ali Dehghani answered Sep 27 '22 23:09
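
The hand-off the answer describes, as an added example that is not part of the original answer: ExceptionTranslationFilter passes the AuthenticationException to an AuthenticationEntryPoint, and the entry point is where the 401 is written. It assumes Spring Security 6 (jakarta.servlet; 5.x uses javax.servlet), and the class names SecurityConfig and JsonUnauthorizedEntryPoint are hypothetical.

```java
import java.io.IOException;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.SecurityFilterChain;

// Hypothetical configuration class (assumes Spring Security 6).
@Configuration
public class SecurityConfig {

    // ExceptionTranslationFilter catches an AuthenticationException (such as
    // BadCredentialsException) raised further down the filter chain and calls
    // commence() on the configured entry point. The status code is set here.
    static class JsonUnauthorizedEntryPoint implements AuthenticationEntryPoint {
        @Override
        public void commence(HttpServletRequest request, HttpServletResponse response,
                             AuthenticationException authException) throws IOException {
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); // 401
            response.setContentType("application/json");
            // Fixed body: the exception message is not echoed to the client.
            response.getWriter().write("{\"status\":401,\"error\":\"Unauthorized\"}");
        }
    }

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            // Registers the entry point that ExceptionTranslationFilter will call.
            .exceptionHandling(ex -> ex.authenticationEntryPoint(new JsonUnauthorizedEntryPoint()));
        return http.build();
    }
}
```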