Add useful information to the authentication error (#3963)

Apicurio · Nov 10, 2023 · f10fafd · f10fafd
1 parent 0efc6df
commit f10fafd
Show file tree

Hide file tree

Showing 5 changed files with 36 additions and 11 deletions.
diff --git a/app/src/main/java/io/apicurio/registry/rest/AuthenticationFailedExceptionMapper.java b/app/src/main/java/io/apicurio/registry/rest/AuthenticationFailedExceptionMapper.java
@@ -16,14 +16,26 @@
 
 package io.apicurio.registry.rest;
 
-import io.quarkus.security.AuthenticationFailedException;
-
+import io.apicurio.registry.services.http.ErrorHttpResponse;
+import io.apicurio.registry.services.http.RegistryExceptionMapperService;
+import io.quarkus.security.UnauthorizedException;
+import jakarta.annotation.Priority;
+import jakarta.inject.Inject;
+import jakarta.ws.rs.Priorities;
 import jakarta.ws.rs.core.Response;
 import jakarta.ws.rs.ext.ExceptionMapper;
+import jakarta.ws.rs.ext.Provider;
+
+@Provider
+@Priority(Priorities.AUTHENTICATION)
+public class AuthenticationFailedExceptionMapper implements ExceptionMapper<UnauthorizedException> {
+
+    @Inject
+    RegistryExceptionMapperService exceptionMapperService;
 
-public class AuthenticationFailedExceptionMapper implements ExceptionMapper<AuthenticationFailedException> {
     @Override
-    public Response toResponse(AuthenticationFailedException exception) {
-        return Response.status(401).build();
+    public Response toResponse(UnauthorizedException exception) {
+        ErrorHttpResponse errorHttpResponse = exceptionMapperService.mapException(exception);
+        return Response.status(401).entity(errorHttpResponse).build();
     }
 }
diff --git a/app/src/main/java/io/apicurio/registry/rest/RegistryExceptionMapper.java b/app/src/main/java/io/apicurio/registry/rest/RegistryExceptionMapper.java
@@ -61,7 +61,6 @@ public class RegistryExceptionMapper implements ExceptionMapper<Throwable> {
 
     @Inject
     RegistryExceptionMapperService exceptionMapper;
-
     @Context
     HttpServletRequest request;
 

diff --git a/app/src/main/java/io/apicurio/registry/services/http/RegistryExceptionMapperService.java b/app/src/main/java/io/apicurio/registry/services/http/RegistryExceptionMapperService.java
@@ -57,6 +57,7 @@
 import io.apicurio.rest.client.auth.exception.ForbiddenException;
 import io.apicurio.rest.client.auth.exception.NotAuthorizedException;
 import io.apicurio.tenantmanager.client.exception.TenantManagerClientException;
+import io.quarkus.security.UnauthorizedException;
 import io.smallrye.mutiny.TimeoutException;
 import org.apache.commons.lang3.exception.ExceptionUtils;
 import org.eclipse.microprofile.config.inject.ConfigProperty;
@@ -136,6 +137,8 @@ public class RegistryExceptionMapperService {
         map.put(ParametersConflictException.class, HTTP_CONFLICT);
         map.put(DownloadNotFoundException.class, HTTP_NOT_FOUND);
         map.put(ConfigPropertyNotFoundException.class, HTTP_NOT_FOUND);
+        map.put(UnauthorizedException.class, HTTP_UNAUTHORIZED);
+        map.put(io.quarkus.security.ForbiddenException.class, HTTP_FORBIDDEN);
         // From io.apicurio.common.apps.multitenancy.TenantManagerService:
         map.put(NotAuthorizedException.class, HTTP_FORBIDDEN);
         map.put(ForbiddenException.class, HTTP_FORBIDDEN);

diff --git a/app/src/test/java/io/apicurio/registry/auth/SimpleAuthTest.java b/app/src/test/java/io/apicurio/registry/auth/SimpleAuthTest.java
@@ -21,7 +21,12 @@
 import io.apicurio.registry.rest.client.AdminClient;
 import io.apicurio.registry.rest.client.RegistryClient;
 import io.apicurio.registry.rest.client.exception.ArtifactNotFoundException;
-import io.apicurio.registry.rest.v2.beans.*;
+import io.apicurio.registry.rest.v2.beans.ArtifactMetaData;
+import io.apicurio.registry.rest.v2.beans.ArtifactOwner;
+import io.apicurio.registry.rest.v2.beans.EditableMetaData;
+import io.apicurio.registry.rest.v2.beans.IfExists;
+import io.apicurio.registry.rest.v2.beans.Rule;
+import io.apicurio.registry.rest.v2.beans.UserInfo;
 import io.apicurio.registry.rules.compatibility.CompatibilityLevel;
 import io.apicurio.registry.rules.validity.ValidityLevel;
 import io.apicurio.registry.types.ArtifactType;
@@ -51,9 +56,7 @@
 import java.nio.charset.StandardCharsets;
 import java.util.UUID;
 
-import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.assertNotNull;
-import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.*;
 
 /**
  * @author Fabian Martinez
@@ -99,6 +102,14 @@ public void testWrongCreds() throws Exception {
         });
     }
 
+    @Test
+    public void testNoCreds() throws Exception {
+        RegistryClient clientNoAuth = createClient(null);
+        Assertions.assertThrows(NotAuthorizedException.class, () -> {
+            clientNoAuth.listArtifactsInGroup(groupId);
+        });
+    }
+
     @Test
     public void testReadOnly() throws Exception {
         Auth auth = new OidcAuth(httpClient, JWKSMockServer.READONLY_CLIENT_ID, "test1");

diff --git a/storage/mysql/pom.xml b/storage/mysql/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <groupId>io.apicurio</groupId>
         <artifactId>apicurio-registry-storage</artifactId>
-        <version>2.4.13-SNAPSHOT</version>
+        <version>2.5.0-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
-Original file line number
+Diff line change
@@ Expand Up @@
         @Inject
         RegistryExceptionMapperService exceptionMapper;
         @Context
         HttpServletRequest request;
@@ Expand Down @@