Skip to content

Handle IllegalArgumentException in SecurityWebFilterChain bean #939

Description

@hantsy

Description

@Configuration
@Import(SecurityProblemSupport::class)
class SecurityConfig{
    @Autowired
    lateinit var problemSupport: SecurityProblemSupport

    //...
    @Bean
    fun springWebFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain = http {
        //....
        exceptionHandling {
            authenticationEntryPoint = problemSupport
            accessDeniedHandler = problemSupport
        }
        authorizeExchange {
            // ignore all default static resources
            authorize(pathMatchers("/{id}/**"), customCheck())
           //...
        }
   }
   
   fun customCheck():ReactiveAuthenctionManager<AuthenticationContext>{
      // a runtime IllegalArgumentException was thrown here.
   }
}

I have created an exception handler for IllegalArgumentException, it is working well for handling the exceptions from controllers.

Expected Behavior

Handled IllegalArgumentException, return a 400 status.

Actual Behavior

But it throws a 500 internal error instead.

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions