Exceptions in Custom AuthFilter everyone, security, spring, filter, before

amy

Hello everyone,
i want to use spring security for my application.
I have to merge Springsec with my custom SSO that works with a web service.

I thought to create a custom filter to add to the ss chain.Code:
lt;sec:from entry-point-ref=quot;authenticationEntryPointquot; use-expressions=quot;truequot;gt;lt;sec:custom-filter before=quotRE_AUTH_FILTERquot; ref=quot;authenticationFilterquot; /gt;
lt;sec:access-denied-handler ref=quot;accessDeniedHandlerquot; /gt;lt;/sec:fromgt;
My authenticationFilter provide to call the sso webservice and add grantedauthoritys to the authentication.

I have a little trouble when an exception is thrown by my sso service. I would like to send the user to the exception handler but it just send it to the servelt and i get a raw 500 internal server error.
I also tried to catch the exception and throw a AccessDeniedException, but it is the same.
What i miss?

thank you.

The AccessDeniedHandler applies to a later stage in the filter chain. It won't handle exceptions thrown from your filter.

Either customize your filter to catch exceptions or set up an error-page declaration for the 500 code in your web.xml (which you should probably do anyway, since end users should never see exceptions).

But do you think that my auth flow is not correct?
Thanks.


Originally Posted by TobiaBut do you think that my auth flow is not correct?
Thanks.

No, but as I said the AccessDeniedHandler won't handle exceptions from your filter. It is a strategy used by the ExceptionTranslationFilter.

Ok, i understand. But I would know if I could build a better chain with a external ws/sso.

Thank you. bye.

I add the 500 error code, but in my error JSP can I print the exception trace?
How to access the exception?

Thank you.

Can I also send different Error code instead of 500? Example an 401 for not authenticated? How to do this?

Thank you.