
Merge pull request #51 from jimmyjames/add-www-authenticate-header
Add WWW-Authenticate header for 401 and 403 requests
lbalmaceda authored Jun 9, 2020
2 parents 5e1fbdc + 388a48d commit 94c10c1
Showing 5 changed files with 62 additions and 1 deletion.
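--- /dev/null
+++ b/JwtAccessDeniedHandler.java
@@ -0,0 +1,22 @@
+package com.auth0.spring.security.api;
+
+import org.springframework.http.HttpHeaders;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.web.access.AccessDeniedHandlerImpl;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+* Custom handler for access denied exceptions.
+*/
+class JwtAccessDeniedHandler extends AccessDeniedHandlerImpl {
+
+@Override
+public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException {
+response.addHeader(HttpHeaders.WWW_AUTHENTICATE, "Bearer error=\"Insufficient scope\"");
+super.handle(request, response, accessDeniedException);
+}
+}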
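Review bot: The challenge value written in handle(), `Bearer error="Insufficient scope"`, is not one of the error codes RFC 6750 §3.1 registers for the Bearer scheme; the `error` parameter carries a token such as `insufficient_scope`, and free text belongs in `error_description`, so a client that dispatches on `error` will not recognise this response. I would write `response.addHeader(HttpHeaders.WWW_AUTHENTICATE, "Bearer error=\"insufficient_scope\", error_description=\"Insufficient scope\"");`. The same applies to the `Invalid access token` value in JwtAuthenticationEntryPoint, whose registered code is `invalid_token`. A one-line Javadoc on handle() noting that the challenge is added before delegating to AccessDeniedHandlerImpl, which then sends the 403 and commits the response, would make the ordering constraint explicit for the next maintainer.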
@@ -1,5 +1,6 @@
package com.auth0.spring.security.api;

import org.springframework.http.HttpHeaders;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;

Expand All @@ -9,8 +10,14 @@
import java.io.IOException;

public class JwtAuthenticationEntryPoint implements AuthenticationEntryPoint {

@Override
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
response.addHeader(
HttpHeaders.WWW_AUTHENTICATE,
"Bearer error=\"Invalid access token\""
);

response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
}
}
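Review bot: commence() adds `error="Invalid access token"` unconditionally, but an AuthenticationEntryPoint is also reached when the request carried no credentials at all, and RFC 6750 §3.1 says the resource server should not include an error code in that case; a bare `WWW-Authenticate: Bearer` is the expected challenge there. When a token was present and rejected, the registered code is `invalid_token`, not free text. Distinguishing the two cases from the request is the simplest option, assuming this library only reads tokens from the Authorization header (to be confirmed against the filter); the rewrite below does that, and a short Javadoc on commence() stating that it answers every authentication failure with a 401 plus a Bearer challenge would complete it.
```java
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
    // RFC 6750 §3.1: no error code when the request carried no credentials at all
    String challenge = request.getHeader(HttpHeaders.AUTHORIZATION) == null
            ? "Bearer"
            : "Bearer error=\"invalid_token\"";
    response.addHeader(HttpHeaders.WWW_AUTHENTICATE, challenge);
    response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
}
```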
Expand Up @@ -103,6 +103,7 @@ public HttpSecurity configure(HttpSecurity http) throws Exception {
.and()
.exceptionHandling()
.authenticationEntryPoint(new JwtAuthenticationEntryPoint())
.accessDeniedHandler(new JwtAccessDeniedHandler())
.and()
.httpBasic().disable()
.csrf().disable()
Expand Down
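--- /dev/null
+++ b/JwtAccessDeniedHandlerTest.java
@@ -0,0 +1,28 @@
+package com.auth0.spring.security.api;
+
+import org.junit.Test;
+import org.springframework.security.access.AccessDeniedException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+
+public class JwtAccessDeniedHandlerTest {
+
+@Test
+public void shouldReturnForbidden() throws Exception {
+JwtAccessDeniedHandler handler = new JwtAccessDeniedHandler();
+HttpServletRequest request = mock(HttpServletRequest.class);
+HttpServletResponse response = mock(HttpServletResponse.class);
+AccessDeniedException exception = new AccessDeniedException("Forbidden");
+
+handler.handle(request, response, exception);
+verify(response).addHeader(
+"WWW-Authenticate",
+"Bearer error=\"Insufficient scope\""
+);
+verify(response).sendError(403, "Forbidden");
+}
+}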
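Review bot: shouldReturnForbidden verifies addHeader and sendError as two independent interactions, so it would still pass if the header were added after sendError, at which point a real container has already committed the response and the challenge is silently dropped. Mockito's InOrder pins the order that matters here: `InOrder inOrder = inOrder(response);` followed by `inOrder.verify(response).addHeader("WWW-Authenticate", "Bearer error=\"Insufficient scope\"");` and `inOrder.verify(response).sendError(403, "Forbidden");`, with `org.mockito.Mockito.inOrder` added to the static imports. The same gap exists in shouldReturnUnauthorized in JwtAuthenticationEntryPointTest.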
Expand Up @@ -19,7 +19,10 @@ public void shouldReturnUnauthorized() throws Exception {
AuthenticationException exception = mock(AuthenticationException.class);

entryPoint.commence(request, response, exception);
verify(response).addHeader(
"WWW-Authenticate",
"Bearer error=\"Invalid access token\""
);
verify(response).sendError(401, "Unauthorized");
}

}

