/*
 * Copyright 2015 Petr Bouda
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.joyrest.oauth2.handler;

import org.joyrest.exception.configuration.TypedExceptionConfiguration;
import org.joyrest.model.http.HttpStatus;
import org.joyrest.model.request.Request;
import org.joyrest.model.response.Response;
import org.joyrest.oauth2.exception.ForbiddenException;
import org.joyrest.oauth2.exception.UnauthorizedException;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.InsufficientScopeException;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;

import static org.joyrest.model.http.HeaderName.CACHE_CONTROL;
import static org.joyrest.model.http.HeaderName.PRAGMA;
import static org.joyrest.model.http.HeaderName.WWW_AUTHENTICATE;
import static org.joyrest.routing.entity.ResponseType.Resp;

/**
 * Exception configuration that maps Spring Security / Spring OAuth2 exceptions onto an
 * {@link OAuth2Exception} response entity.
 *
 * <p>Three exception families are registered in {@link #configure()}:
 * <ul>
 *   <li>{@link OAuth2Exception} is written out as-is;</li>
 *   <li>{@link AuthenticationException} is wrapped in {@link UnauthorizedException};</li>
 *   <li>{@link AccessDeniedException} is wrapped in {@link ForbiddenException}.</li>
 * </ul>
 * All three end up in {@link #process(Request, Response, OAuth2Exception)}, which sets the
 * status, the no-cache headers and, where applicable, a {@code WWW-Authenticate} challenge.
 */
public class OAuthExceptionConfiguration extends TypedExceptionConfiguration {

    /**
     * Registers the three exception handlers; every registration declares
     * {@code Resp(OAuth2Exception.class)} as the response type.
     *
     * <p>NOTE(review): for the wrapped {@code AuthenticationException} / {@code AccessDeniedException}
     * cases the original exception's {@code getMessage()} becomes the message of the
     * {@link OAuth2Exception} that is serialized back to the client — confirm those messages
     * do not carry internal detail before exposing them.
     */
    @Override
    protected void configure() {
        // Already an OAuth2 error: pass it straight through to process().
        handle(OAuth2Exception.class, this::process, Resp(OAuth2Exception.class));

        // Failed authentication -> 401-style OAuth2 error carrying the original message and cause.
        handle(AuthenticationException.class,
            (req, resp, ex) -> process(req, resp, new UnauthorizedException(ex.getMessage(), ex)),
            Resp(OAuth2Exception.class));

        // Authenticated but not permitted -> 403-style OAuth2 error carrying the original message and cause.
        handle(AccessDeniedException.class,
            (req, resp, ex) -> process(req, resp, new ForbiddenException(ex.getMessage(), ex)),
            Resp(OAuth2Exception.class));
    }

    /**
     * Writes {@code ex} into {@code resp}: the exception itself as the entity, its HTTP error
     * code as the status, {@code Cache-Control: no-store} / {@code Pragma: no-cache}, and a
     * {@code WWW-Authenticate} bearer challenge when the response is a 401 or the exception is an
     * {@link InsufficientScopeException}.
     *
     * @param req  the incoming request (not read here; part of the handler signature)
     * @param resp the response being populated
     * @param ex   the OAuth2 error to report
     */
    private void process(Request<?> req, Response<OAuth2Exception> resp, OAuth2Exception ex) {
        resp.entity(ex);

        int errorCode = ex.getHttpErrorCode();
        resp.status(HttpStatus.of(errorCode));

        // Error responses must never be cached by clients or intermediaries.
        resp.header(CACHE_CONTROL, "no-store");
        resp.header(PRAGMA, "no-cache");

        if (needsBearerChallenge(errorCode, ex)) {
            // Challenge of the form "Bearer <summary>", where the summary is whatever
            // OAuth2Exception#getSummary() renders (presumably error/error_description
            // attributes — verify against the Spring OAuth2 version in use).
            resp.header(WWW_AUTHENTICATE, OAuth2AccessToken.BEARER_TYPE + " " + ex.getSummary());
        }
    }

    /** True when a WWW-Authenticate challenge must accompany the error response. */
    private static boolean needsBearerChallenge(int errorCode, OAuth2Exception ex) {
        return errorCode == HttpStatus.UNAUTHORIZED.code() || ex instanceof InsufficientScopeException;
    }
}