Lines 89 to 139 in 8fbfb8f
/**
 * Handles an "authentication required" failure: logs the exception message at debug level
 * and delegates to {@code writeErrorResponse} with the {@code AUTH_REQUIRED} message key and HTTP 401.
 *
 * @param request  the request that failed authentication
 * @param response the response the error is written to
 * @param ex       the exception whose message is logged (it is not passed on to the client here)
 * @throws ServletException propagated from {@code writeErrorResponse}
 */
private void handleAuthenticationRequired(HttpServletRequest request, HttpServletResponse response, RuntimeException ex) throws ServletException {
    // NOTE(review): the log template is named for status 400, yet this handler answers 401 — confirm the logged text.
    log.debug(ERROR_MESSAGE_400, ex.getMessage());
    final ErrorType type = ErrorType.AUTH_REQUIRED;
    final HttpStatus status = HttpStatus.UNAUTHORIZED;
    // The message key differs between the 401 handlers of this class, so a client can tell them apart.
    writeErrorResponse(type.getErrorMessageKey(), status, request, response);
}
/**
 * Handles a bad-credentials failure: logs the exception message at debug level and delegates to
 * {@code writeErrorResponse} with the {@code BAD_CREDENTIALS} message key and HTTP 401.
 *
 * @param request  the request whose credentials were rejected
 * @param response the response the error is written to
 * @param ex       the exception whose message is logged
 * @throws ServletException propagated from {@code writeErrorResponse}
 */
private void handleBadCredentials(HttpServletRequest request, HttpServletResponse response, RuntimeException ex) throws ServletException {
    // NOTE(review): the log template is named for status 400, yet this handler answers 401 — confirm the logged text.
    log.debug(ERROR_MESSAGE_400, ex.getMessage());
    final ErrorType type = ErrorType.BAD_CREDENTIALS;
    final HttpStatus status = HttpStatus.UNAUTHORIZED;
    // Distinct from the other 401 keys (e.g. TOKEN_NOT_PROVIDED), so the client learns which check failed.
    writeErrorResponse(type.getErrorMessageKey(), status, request, response);
}
/**
 * Handles the "credentials not found" case: logs the exception message at debug level and delegates to
 * {@code writeErrorResponse} with the {@code AUTH_CREDENTIALS_NOT_FOUND} message key and HTTP 400.
 *
 * @param request  the request that carried no usable credentials
 * @param response the response the error is written to
 * @param ex       the exception whose message is logged
 * @throws ServletException propagated from {@code writeErrorResponse}
 */
private void handleAuthenticationCredentialsNotFound(HttpServletRequest request, HttpServletResponse response, RuntimeException ex) throws ServletException {
    log.debug(ERROR_MESSAGE_400, ex.getMessage());
    final ErrorType type = ErrorType.AUTH_CREDENTIALS_NOT_FOUND;
    // This is the only credentials-related handler here that answers 400 rather than 401.
    final HttpStatus status = HttpStatus.BAD_REQUEST;
    writeErrorResponse(type.getErrorMessageKey(), status, request, response);
}
/**
 * Handles an unsupported authentication method: logs the exception message at debug level, builds an
 * {@link ApiMessageView} via {@code messageService} and writes it with HTTP 405.
 *
 * @param request  the request whose URI is recorded in the message
 * @param response the response the error is written to
 * @param ex       the exception; its message is both logged and placed in the message view
 * @throws ServletException declared for parity with the sibling handlers
 */
private void handleAuthMethodNotSupported(HttpServletRequest request, HttpServletResponse response, RuntimeException ex) throws ServletException {
    // NOTE(review): the log template is named for status 400, yet this handler answers 405 — confirm the logged text.
    log.debug(ERROR_MESSAGE_400, ex.getMessage());
    final ErrorType type = ErrorType.AUTH_METHOD_NOT_SUPPORTED;
    final HttpStatus methodNotAllowed = HttpStatus.METHOD_NOT_ALLOWED;
    // NOTE(review): ex.getMessage() ends up in the response body; confirm it carries no internal detail
    // the client should not see.
    final ApiMessageView body = messageService
            .createMessage(type.getErrorMessageKey(), ex.getMessage(), request.getRequestURI())
            .mapToView();
    writeErrorResponse(body, methodNotAllowed, response);
}
/**
 * Handles an invalid token: logs the exception message at debug level and delegates to
 * {@code writeErrorResponse} with the {@code TOKEN_NOT_VALID} message key and HTTP 401.
 *
 * @param request  the request carrying the rejected token
 * @param response the response the error is written to
 * @param ex       the exception whose message is logged
 * @throws ServletException propagated from {@code writeErrorResponse}
 */
private void handleTokenNotValid(HttpServletRequest request, HttpServletResponse response, RuntimeException ex) throws ServletException {
    // NOTE(review): the log template is named for status 400, yet this handler answers 401 — confirm the logged text.
    log.debug(ERROR_MESSAGE_400, ex.getMessage());
    final ErrorType type = ErrorType.TOKEN_NOT_VALID;
    // Same key as handleTokenFormatException, which answers 400 instead of 401.
    final HttpStatus status = HttpStatus.UNAUTHORIZED;
    writeErrorResponse(type.getErrorMessageKey(), status, request, response);
}
/**
 * Handles a missing token: logs the exception message at debug level and delegates to
 * {@code writeErrorResponse} with the {@code TOKEN_NOT_PROVIDED} message key and HTTP 401.
 *
 * @param request  the request that carried no token
 * @param response the response the error is written to
 * @param ex       the exception whose message is logged
 * @throws ServletException propagated from {@code writeErrorResponse}
 */
private void handleTokenNotProvided(HttpServletRequest request, HttpServletResponse response, RuntimeException ex) throws ServletException {
    // NOTE(review): the log template is named for status 400, yet this handler answers 401 — confirm the logged text.
    log.debug(ERROR_MESSAGE_400, ex.getMessage());
    final ErrorType type = ErrorType.TOKEN_NOT_PROVIDED;
    final HttpStatus status = HttpStatus.UNAUTHORIZED;
    // The key tells a client that no token was sent, as opposed to an invalid or expired one.
    writeErrorResponse(type.getErrorMessageKey(), status, request, response);
}
/**
 * Handles an expired token: logs the exception message at debug level and delegates to
 * {@code writeErrorResponse} with the {@code TOKEN_EXPIRED} message key and HTTP 401.
 *
 * @param request  the request carrying the expired token
 * @param response the response the error is written to
 * @param ex       the exception whose message is logged
 * @throws ServletException propagated from {@code writeErrorResponse}
 */
private void handleTokenExpire(HttpServletRequest request, HttpServletResponse response, RuntimeException ex) throws ServletException {
    // NOTE(review): the log template is named for status 400, yet this handler answers 401 — confirm the logged text.
    log.debug(ERROR_MESSAGE_400, ex.getMessage());
    final ErrorType type = ErrorType.TOKEN_EXPIRED;
    final HttpStatus status = HttpStatus.UNAUTHORIZED;
    // Expiry is reported with its own key so that a client can refresh rather than re-authenticate.
    writeErrorResponse(type.getErrorMessageKey(), status, request, response);
}
/**
 * Handles an invalid client certificate: logs the exception message at debug level and sets
 * HTTP 403 on the response. Unlike the sibling handlers, no message body is written.
 *
 * @param response the response whose status is set
 * @param ex       the exception whose message is logged
 */
private void handleInvalidCertificate(HttpServletResponse response, RuntimeException ex) {
    // NOTE(review): the log template is named for status 400, yet this handler answers 403 — confirm the logged text.
    log.debug(ERROR_MESSAGE_400, ex.getMessage());
    final int forbidden = HttpStatus.FORBIDDEN.value();
    response.setStatus(forbidden);
}
/**
 * Handles a malformed token: logs the exception message at debug level and delegates to
 * {@code writeErrorResponse} with the {@code TOKEN_NOT_VALID} message key and HTTP 400.
 *
 * @param request  the request carrying the malformed token
 * @param response the response the error is written to
 * @param ex       the exception whose message is logged
 * @throws ServletException propagated from {@code writeErrorResponse}
 */
private void handleTokenFormatException(HttpServletRequest request, HttpServletResponse response, RuntimeException ex) throws ServletException {
    log.debug(ERROR_MESSAGE_400, ex.getMessage());
    // Reuses the TOKEN_NOT_VALID key of handleTokenNotValid but answers 400 where that handler answers 401.
    final ErrorType type = ErrorType.TOKEN_NOT_VALID;
    final HttpStatus status = HttpStatus.BAD_REQUEST;
    writeErrorResponse(type.getErrorMessageKey(), status, request, response);
}
/**
 * Handles a token of the wrong type: logs the exception message at debug level and delegates to
 * {@code writeErrorResponse} with the {@code INVALID_TOKEN_TYPE} message key and HTTP 401.
 *
 * @param request  the request carrying the rejected token
 * @param response the response the error is written to
 * @param ex       the exception whose message is logged
 * @throws ServletException propagated from {@code writeErrorResponse}
 */
private void handleInvalidTokenTypeException(HttpServletRequest request, HttpServletResponse response, RuntimeException ex) throws ServletException {
    // NOTE(review): the log template is named for status 400, yet this handler answers 401 — confirm the logged text.
    log.debug(ERROR_MESSAGE_400, ex.getMessage());
    final ErrorType type = ErrorType.INVALID_TOKEN_TYPE;
    final HttpStatus status = HttpStatus.UNAUTHORIZED;
    // One more 401 variant distinguishable by its key (alongside BAD_CREDENTIALS, TOKEN_NOT_VALID, ...).
    writeErrorResponse(type.getErrorMessageKey(), status, request, response);
}
- The code above always logs a message about status 400 even though a different status code is returned.
- If the application returns 401, there should be just one message; multiple distinct messages for 401 could help an attacker.
- An expired account is one exception.