ReactiveAnonymousAuthentication support does not include changes to ExceptionTranslationWebFilter  #6565

@coffeeaddict1978

Description

Summary

#5934 added support for AnonymousAuthenticationTokens in Reactive applications. It seems one thing was missed out: ExceptionTranslationWebFilter is missing the same logic as ExceptionTranslationFilter.

Actual Behavior

All access denied decisions are final and propagated to the caller.

Expected Behavior

Logic similar to the below is required in the reactive ExceptionTranslationWebFilter to translate AccessDeniedException into a redirection for authentication.

```java
// Fragment of the servlet-stack ExceptionTranslationFilter, as quoted in the issue:
// an anonymous or remember-me caller is sent to the authentication entry point
// instead of receiving a final access-denied response.
		else if (exception instanceof AccessDeniedException) {
			Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
			if (authenticationTrustResolver.isAnonymous(authentication) || authenticationTrustResolver.isRememberMe(authentication)) {
				logger.debug(
						"Access is denied (user is " + (authenticationTrustResolver.isAnonymous(authentication) ? "anonymous" : "not fully authenticated") + "); redirecting to authentication entry point",
						exception);

				sendStartAuthentication(
						request,
						response,
						chain,
						new InsufficientAuthenticationException(
							messages.getMessage(
								"ExceptionTranslationFilter.insufficientAuthentication",
								"Full authentication is required to access this resource")));
			}
			// remainder of the else-if branch not quoted in the issue
		}
```

Configuration

N/A

Version

5.2

Sample