Add localization to error messages from ExceptionTranslationFilter

Fixes gh-4504
This commit is contained in:
Benedikt Ritter 2017-08-21 09:41:00 +02:00 committed by Rob Winch
parent 9e22190198
commit fffd781b03
6 changed files with 44 additions and 1 deletions

View File

@ -28,6 +28,7 @@ DigestAuthenticationFilter.nonceExpired=Die Nonce ist nicht mehr g\u00FCltig
DigestAuthenticationFilter.nonceNotNumeric=Das erste Element der Nonce sollte numerisch sein. Gefundener Inhalt\: {0}
DigestAuthenticationFilter.nonceNotTwoTokens=Nonce sollte zwei Elemente beinhalten. Gefundener Inhalt\: {0}
DigestAuthenticationFilter.usernameNotFound=Benutzername {0} wurde nicht gefunden
ExceptionTranslationFilter.insufficientAuthentication=Vollst\u00E4ndige Authentifikation wird ben\u00f6tigt um auf diese Resource zuzugreifen
#JdbcDaoImpl.noAuthority=User {0} has no GrantedAuthority
#JdbcDaoImpl.notFound=User {0} not found
LdapAuthenticationProvider.badCredentials=Ung\u00FCltige Anmeldedaten

View File

@ -28,6 +28,7 @@ DigestAuthenticationFilter.nonceExpired=Nonce has expired/timed out
DigestAuthenticationFilter.nonceNotNumeric=Nonce token should have yielded a numeric first token, but was {0}
DigestAuthenticationFilter.nonceNotTwoTokens=Nonce should have yielded two tokens but was {0}
DigestAuthenticationFilter.usernameNotFound=Username {0} not found
ExceptionTranslationFilter.insufficientAuthentication=Full authentication is required to access this resource
JdbcDaoImpl.noAuthority=User {0} has no GrantedAuthority
JdbcDaoImpl.notFound=User {0} not found
LdapAuthenticationProvider.badCredentials=Bad credentials

View File

@ -21,6 +21,7 @@ import org.springframework.security.authentication.AuthenticationTrustResolverIm
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.SpringSecurityMessageSource;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
@ -30,6 +31,8 @@ import org.springframework.security.web.util.ThrowableCauseExtractor;
import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;
import org.springframework.context.support.MessageSourceAccessor;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
@ -83,6 +86,8 @@ public class ExceptionTranslationFilter extends GenericFilterBean {
private RequestCache requestCache = new HttpSessionRequestCache();
private final MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
public ExceptionTranslationFilter(AuthenticationEntryPoint authenticationEntryPoint) {
this(authenticationEntryPoint, new HttpSessionRequestCache());
}
@ -179,7 +184,9 @@ public class ExceptionTranslationFilter extends GenericFilterBean {
response,
chain,
new InsufficientAuthenticationException(
"Full authentication is required to access this resource"));
messages.getMessage(
"ExceptionTranslationFilter.insufficientAuthentication",
"Full authentication is required to access this resource")));
}
else {
logger.debug(

View File

@ -0,0 +1 @@
ExceptionTranslationFilter.insufficientAuthentication=Vollst\u00e4ndige Authentifikation wird ben\u00f6tigt um auf diese Resource zuzugreifen

View File

@ -0,0 +1 @@
ExceptionTranslationFilter.insufficientAuthentication=Full authentication is required to access this resource

View File

@ -18,6 +18,7 @@ package org.springframework.security.web.access;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.springframework.context.i18n.LocaleContextHolder;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.MockPortResolver;
@ -41,6 +42,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.util.Locale;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.fail;
@ -167,6 +169,36 @@ public class ExceptionTranslationFilterTests {
assertThat(request.getAttribute(WebAttributes.ACCESS_DENIED_403)).isExactlyInstanceOf(AccessDeniedException.class);
}
@Test
public void testLocalizedErrorMessages() throws Exception {
// Setup our HTTP request
MockHttpServletRequest request = new MockHttpServletRequest();
request.setServletPath("/secure/page.html");
// Setup the FilterChain to thrown an access denied exception
FilterChain fc = mock(FilterChain.class);
doThrow(new AccessDeniedException("")).when(fc).doFilter(
any(HttpServletRequest.class), any(HttpServletResponse.class));
// Setup SecurityContextHolder, as filter needs to check if user is
// anonymous
SecurityContextHolder.getContext().setAuthentication(
new AnonymousAuthenticationToken("ignored", "ignored", AuthorityUtils
.createAuthorityList("IGNORED")));
// Test
ExceptionTranslationFilter filter = new ExceptionTranslationFilter(
(req, res, ae) -> res.sendError(403, ae.getMessage()));
filter.setAuthenticationTrustResolver(new AuthenticationTrustResolverImpl());
assertThat(filter.getAuthenticationTrustResolver()).isNotNull();
LocaleContextHolder.setDefaultLocale(Locale.GERMAN);
MockHttpServletResponse response = new MockHttpServletResponse();
filter.doFilter(request, response, fc);
assertThat(response.getErrorMessage())
.isEqualTo("Vollst\u00e4ndige Authentifikation wird ben\u00f6tigt um auf diese Resource zuzugreifen");
}
@Test
public void redirectedToLoginFormAndSessionShowsOriginalTargetWhenAuthenticationException()
throws Exception {