luckybastard luckybastard - 7 months ago 236
Java Question

spring oauth2 custom login error

I have got problem to define custom error message when login failed, so now when my login fail i get http 400 with payload:

{"error":"invalid_grant","error_description":"Bad credentials"}


How to customize this message, and return own json?

I am using spring boot (1.3.2.RELEASE) and spring security OAuth2 (2.0.8.RELEASE).

Answer

First off, create a new exception that extends the Oauth2Exception. For example, we have a CustomOauthException like following:

@JsonSerialize(using = CustomOauthExceptionSerializer.class)
public class CustomOauthException extends OAuth2Exception {
    public CustomOauthException(String msg) {
        super(msg);
    }
}

Here we're gonna use CustomOauthExceptionSerializer for serializing CustomOauthExceptions to JSON strings:

public class CustomOauthExceptionSerializer extends StdSerializer<CustomOauthException> {
    public CustomOauthExceptionSerializer() {
        super(CustomOauthException.class);
    }

    @Override
    public void serialize(CustomOauthException value, JsonGenerator gen, SerializerProvider provider) throws IOException {
        gen.writeStartObject();
        gen.writeStringField("custom_error", value.getOAuth2ErrorCode());
        gen.writeStringField("custom_error_description", value.getMessage());
        if (value.getAdditionalInformation()!=null) {
            for (Map.Entry<String, String> entry : value.getAdditionalInformation().entrySet()) {
                String key = entry.getKey();
                String add = entry.getValue();
                gen.writeStringField(key, add);
            }
        }
        gen.writeEndObject();
    }
}

Finally we need to register a WebResponseExceptionTranslator in our AuthorizationServerConfigurerAdapter to translate spring security's Oauth2Exceptions to our CustomOauthExceptions. Here we are:

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints
                // other endpoints
                .exceptionTranslator(e -> {
                    if (e instanceof OAuth2Exception) {
                        OAuth2Exception oAuth2Exception = (OAuth2Exception) e;

                        return ResponseEntity
                                .status(oAuth2Exception.getHttpErrorCode())
                                .body(new CustomOauthException(oAuth2Exception.getMessage()));
                    } else {
                        throw e;
                    }
                });
    }

    // rest of the authorization server config
}

After all these, you would see the customized JSON response:

{"custom_error":"invalid_grant", "custom_error_description":"Bad credentials"}