Add a "JSONified" error management.

2019-08-08 20:51:53 +02:00
parent 6bbb618f12
commit 8205168bce
4 changed files with 76 additions and 12 deletions
--- a/src/main/java/org/codiki/core/config/CustomErrorController.java
+++ b/src/main/java/org/codiki/core/config/CustomErrorController.java
@@ -0,0 +1,58 @@
+package org.codiki.core.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.web.servlet.error.ErrorAttributes;
+import org.springframework.boot.web.servlet.error.ErrorController;
+import org.springframework.util.Assert;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.context.request.RequestAttributes;
+import org.springframework.web.context.request.ServletRequestAttributes;
+import org.springframework.web.context.request.ServletWebRequest;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.Map;
+
+/**
+ * Controller that catch errors from spring rest or spring security and others, and transform them to JSON response.
+ */
+@RestController
+@RequestMapping("/error")
+public class CustomErrorController implements ErrorController {
+
+    private final ErrorAttributes errorAttributes;
+
+    @Autowired
+    public CustomErrorController(ErrorAttributes errorAttributes) {
+        Assert.notNull(errorAttributes, "ErrorAttributes must not be null");
+        this.errorAttributes = errorAttributes;
+    }
+
+    @Override
+    public String getErrorPath() {
+        return "/error";
+    }
+
+    @RequestMapping
+    public Map<String, Object> error(HttpServletRequest request){
+        Map<String, Object> body = getErrorAttributes(request, getTraceParameter(request));
+        String trace = (String) body.get("trace");
+        if(trace != null){
+            String[] lines = trace.split("\n\t");
+            body.put("trace", lines);
+        }
+        return body;
+    }
+
+    private boolean getTraceParameter(HttpServletRequest request) {
+        String parameter = request.getParameter("trace");
+        if (parameter == null) {
+            return false;
+        }
+        return !"false".equals(parameter.toLowerCase());
+    }
+
+    private Map<String, Object> getErrorAttributes(HttpServletRequest request, boolean includeStackTrace) {
+        return errorAttributes.getErrorAttributes(new ServletWebRequest(request), includeStackTrace);
+    }
+}
--- a/src/main/java/org/codiki/core/security/RestAuthenticationEntryPoint.java
+++ b/src/main/java/org/codiki/core/security/RestAuthenticationEntryPoint.java
@@ -23,6 +23,6 @@ public class RestAuthenticationEntryPoint implements AuthenticationEntryPoint {
 	@Override
 	public void commence(HttpServletRequest request, HttpServletResponse response,
 			AuthenticationException authException) throws IOException {
-		response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
+		response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
 	}
 }
--- a/src/main/java/org/codiki/core/security/SecurityConfiguration.java
+++ b/src/main/java/org/codiki/core/security/SecurityConfiguration.java
@@ -45,18 +45,12 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http.authorizeRequests()
+			// Permits all
 			.antMatchers(
 				"/api/account/login",
 				"/api/account/logout",
 				"/api/account/signin"
 			).permitAll()
-			.antMatchers(
-				"/api/images/uploadAvatar",
-				"/api/images/myImages",
-				"/api/posts/myPosts",
-				"/api/account/changePassword",
-				"/api/account/"
-			).authenticated()
 			.antMatchers(
 					HttpMethod.GET,
 					"/api/categories",
@@ -66,6 +60,15 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
 					"/api/images/**",
 					"/api/posts/**"
 			).permitAll()
+			.antMatchers(
+				"/api/images/uploadAvatar",
+				"/api/images/myImages",
+				"/api/account/changePassword",
+				"/api/account/",
+				"/api/posts/myPosts",
+				"/api/posts/preview",
+				"/api/posts/"
+			).authenticated()
 			.anyRequest().permitAll()
 			.and()
 			// Allow to avoid login form at authentication failure from Angular app
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -21,6 +21,9 @@ logging:

 server:
 #  use-forward-headers=true
+  error:
+    whitelabel:
+      enabled: false # Disable html error responses.
  port: 8080
 #  ssl:
 #    key-store: /home/takiguchi/Developpement/Java/codiki/keystore.p12