1

Since Jhipster(Angular + Springboot Scaffolding) uses JWT for authentication, we have a custom login model which checks user authentication. Now the code goes something like this(UserJWTController.java):

   @PostMapping("/authenticate")
    @Timed
    public ResponseEntity<JWTToken> authorize(@Valid @RequestBody LoginVM loginVM) {

        UsernamePasswordAuthenticationToken authenticationToken =
            new UsernamePasswordAuthenticationToken(loginVM.getUsername(), loginVM.getPassword());
        Authentication authentication = this.authenticationManager.authenticate(authenticationToken);
        SecurityContextHolder.getContext().setAuthentication(authentication);
        boolean rememberMe = (loginVM.isRememberMe() == null) ? false : loginVM.isRememberMe();
        String jwt = tokenProvider.createToken(authentication, rememberMe);
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.add(JWTConfigurer.AUTHORIZATION_HEADER, "Bearer " + jwt);
        return new ResponseEntity<>(new JWTToken(jwt), httpHeaders, HttpStatus.OK);
    }

Its observed that when a user enters invalid credentials an error is thrown. And front-end (angular) handles the error by showing Text within the modal itself.Something like this

Now, suppose I need to add a custom validation as well. For example, I need to check if that user's Last Name is "Mike", then throw a Custom Error saying "Mike can't log in".

The problem is authenticate() (org.springframework.security.authentication.AuthenticationManager) method throws DisabledException,LockedException and BadCredentialsException by default.

I am not Experienced with Spring Security so I don't really understand how can we Override Classes and add the required functionality.

Moreover, Angular catches a generic Exception, so my guess would be that we need to add another constraint:

.catch(() => {
                this.authenticationError = true;
            });

Any help would be greatly appreciated.

Thanks in Advance.

Aayush
  • 409
  • 4
  • 17

1 Answers1

2

As stated my answer here all you have to do is

1- alter your authorize request method by adding your desired validation and using the as below done in this psoeudo code

 if(!userService.checkUsername(username)){
        throw new CustomParameterizedException("error.EK_L_C01", username);
        // or use the BadRequestAlertException  you can see how to use it in the UserResource.java
    }

However this is not recomanded in my point of vue because when you will use jhipster to update or add some fonctionalities to your app, he may rewrite your class and you will have to handle this code loss, by a git cherry-pick or another way you like

So I believe that using a filter is a better aproach since I have made my best practice using JHipster is to never alter the generated code at any cost

you can use this tutorials to create a filter: using a bean or @WebFilter annotation

all you have to do is to throw the exception after validating in this filters

don't forget to update your error message in the webapp internationalization folder i18n for all languages

Mohammed Housseyn Taleb
  • 1,748
  • 28
  • 64