Quarkus JWT custom exception handling
69 views
Skip to first unread message
ibrahim....@gmail.com
Dec 2, 2020, 9:34:14 AM12/2/20
to Quarkus Development mailing list
Dears,
I want to implement some extra functionality when JWT verification fails, I am using JWT extension and I registered exception mapper with @Provider annotation and tried against the below exception types but it didn't work :
I want to implement some extra functionality when JWT verification fails, I am using JWT extension and I registered exception mapper with @Provider annotation and tried against the below exception types but it didn't work :
1- io.smallrye.jwt.auth.principal.ParseException
2- org.jose4j.jwt.consumer.InvalidJwtException
Any ideas ?
Env :
Quarkus 1.9.2.Final with Java 11.
Sergey Beryozkin
Dec 2, 2020, 9:50:45 AM12/2/20
to ibrahim....@gmail.com, Quarkus Development mailing list
Hi
The security layer is activated before the JAX-RS one so the
authentication related security exceptions (not related to the RBAC
enforcement) can not be caught by the JAX-RS exception mappers. There
is a pending task to wire in Vert.x failure handlers to deal with such
early exceptions.
What you can try now is to disable the proactive authentication:
https://quarkus.io/guides/security-built-in-authentication#proactive-authentication
The `side-effect` of it is that the same authentication failure
exceptions are reported later at the JAX-RS chain level instead.
and register io.quarkus.security.AuthenticationFailedException - the
cause of this exception should be one of those exceptions you are
trying to intercept
Thanks, Sergey
> --
> You received this message because you are subscribed to the Google Groups "Quarkus Development mailing list" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to quarkus-dev...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/quarkus-dev/010c778c-696d-4a8d-ad0b-30faf885d554n%40googlegroups.com.
The security layer is activated before the JAX-RS one so the
authentication related security exceptions (not related to the RBAC
enforcement) can not be caught by the JAX-RS exception mappers. There
is a pending task to wire in Vert.x failure handlers to deal with such
early exceptions.
What you can try now is to disable the proactive authentication:
https://quarkus.io/guides/security-built-in-authentication#proactive-authentication
The `side-effect` of it is that the same authentication failure
exceptions are reported later at the JAX-RS chain level instead.
and register io.quarkus.security.AuthenticationFailedException - the
cause of this exception should be one of those exceptions you are
trying to intercept
Thanks, Sergey
> You received this message because you are subscribed to the Google Groups "Quarkus Development mailing list" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to quarkus-dev...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/quarkus-dev/010c778c-696d-4a8d-ad0b-30faf885d554n%40googlegroups.com.
ibrahim....@gmail.com
Dec 2, 2020, 10:03:01 AM12/2/20
to Quarkus Development mailing list
Thats worked Sergey, Thanks a lot!
Sergey Beryozkin
Dec 2, 2020, 11:50:35 AM12/2/20
to ibrahim....@gmail.com, Quarkus Development mailing list
Cool; I'm going to update the docs with this hint
Sergey
> To view this discussion on the web visit https://groups.google.com/d/msgid/quarkus-dev/b2ae2ed8-951a-40dc-a76a-aaf7cba4cfd8n%40googlegroups.com.
Sergey
Reply all
Reply to author
Forward
0 new messages