Package com.alpaca.security.oauth2
Class AuthFailureHandler
java.lang.Object
  org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
    com.alpaca.security.oauth2.AuthFailureHandler
- All Implemented Interfaces:
org.springframework.security.web.authentication.AuthenticationFailureHandler
@Component
public class AuthFailureHandler
extends org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
Custom authentication failure handler for OAuth2 login flows.
When authentication fails, this handler:
- Removes the cookies used during the OAuth2 authorization request (via CookieAuthReqRepo).
- Determines an appropriate redirect URL, falling back to the configured frontend URI when no usable target is available.
- Appends an `error` query parameter, with sanitized message content, to the redirect target to inform the client of the failure.
- Redirects the client to the resulting URL using Spring Security's redirection strategy.
This approach limits where a failed login can be sent, which helps protect against open redirects, and sanitizes the error message before it is placed in the URL to mitigate injection-like risks.
Field Summary
- private static final Pattern ERROR_SANITIZER
- private final String frontendUri
- private final CookieAuthReqRepo repository
Fields inherited from class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
logger
Constructor Summary
- AuthFailureHandler(CookieAuthReqRepo repository, @NotNull String frontendUri)
  Constructs the handler with required dependencies.
Method Summary
- private String appendErrorParam(String base, String rawError)
  Appends a sanitized "error" query parameter to the base URL.
- void onAuthenticationFailure(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException exception)
- private String resolveTargetUrl(jakarta.servlet.http.HttpServletRequest request)
  Determines the target URL for redirection after failure.
Methods inherited from class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
getRedirectStrategy, isAllowSessionCreation, isUseForward, saveException, setAllowSessionCreation, setDefaultFailureUrl, setRedirectStrategy, setUseForward
Field Details
- repository
  private final CookieAuthReqRepo repository
- frontendUri
  private final String frontendUri
- ERROR_SANITIZER
  private static final Pattern ERROR_SANITIZER
Constructor Details
- AuthFailureHandler
  public AuthFailureHandler(CookieAuthReqRepo repository, @Value("${app.frontendURI}") @NotNull String frontendUri)
  Constructs the handler with required dependencies.
  - Parameters:
    repository - the repository for handling OAuth2 auth request cookies
    frontendUri - the default frontend URI to redirect to upon failure
Method Details
- onAuthenticationFailure
  public void onAuthenticationFailure(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException exception) throws IOException
  - Specified by:
    onAuthenticationFailure in interface org.springframework.security.web.authentication.AuthenticationFailureHandler
  - Overrides:
    onAuthenticationFailure in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
  - Throws:
    IOException
- resolveTargetUrl
  private String resolveTargetUrl(jakarta.servlet.http.HttpServletRequest request)
  Determines the target URL for redirection after failure. Prefers the "redirect_uri" request parameter or cookie, and falls back to frontendUri.
  - Parameters:
    request - the incoming HTTP request
  - Returns:
    the redirection URL
- appendErrorParam
  private String appendErrorParam(String base, String rawError)
  Appends a sanitized "error" query parameter to the base URL. Removes potentially harmful characters from the error message.
  - Parameters:
    base - the base redirect URL
    rawError - the original error message
  - Returns:
    the sanitized URL
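The following is a compact working version of the flow described in the class description and in the resolveTargetUrl and appendErrorParam details, written for this page as an added example; it is not the project's AuthFailureHandler. Because the page does not show CookieAuthReqRepo's API, the cookie store is typed with Spring Security's AuthorizationRequestRepository interface; the class name, the redirect_uri cookie name, the sanitizer pattern and the length cap are assumptions. The point it makes explicit is that a caller-supplied redirect_uri parameter or cookie only stays free of open redirects if its origin is checked against the configured frontend before use, which is what isSameOrigin does here.

```java
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.regex.Pattern;

import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.web.util.UriComponentsBuilder;
import org.springframework.web.util.WebUtils;

/**
 * Illustrative failure handler (not the project's code). The cookie store is typed
 * with Spring's AuthorizationRequestRepository because CookieAuthReqRepo's API is
 * not shown on the page; cookie name, pattern and length cap are assumptions.
 */
public class ExampleAuthFailureHandler extends SimpleUrlAuthenticationFailureHandler {

    // Assumed cookie name carrying the client's preferred return location.
    private static final String REDIRECT_URI_COOKIE = "redirect_uri";

    // Assumed sanitizer: keep letters, digits, space and a few punctuation marks;
    // quotes, angle brackets, '&', '#', '%' and control characters are dropped.
    private static final Pattern ERROR_SANITIZER = Pattern.compile("[^A-Za-z0-9 ._:-]");
    private static final int MAX_ERROR_LENGTH = 200;

    private final AuthorizationRequestRepository<OAuth2AuthorizationRequest> repository;
    private final String frontendUri;

    public ExampleAuthFailureHandler(
            AuthorizationRequestRepository<OAuth2AuthorizationRequest> repository,
            String frontendUri) {
        this.repository = repository;
        this.frontendUri = frontendUri;
    }

    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
                                        AuthenticationException exception) throws IOException {
        // 1. Clear the stored authorization request so a retry starts from a clean state.
        repository.removeAuthorizationRequest(request, response);
        // 2. Choose a redirect target confined to the frontend's origin.
        String target = resolveTargetUrl(request);
        // 3. Attach a sanitized, percent-encoded error message.
        String url = appendErrorParam(target, exception.getMessage());
        // 4. Redirect with Spring Security's strategy; no response body is written.
        getRedirectStrategy().sendRedirect(request, response, url);
    }

    /** Prefers ?redirect_uri=, then the redirect_uri cookie, then the configured frontend URI. */
    String resolveTargetUrl(HttpServletRequest request) {
        String candidate = request.getParameter("redirect_uri");
        if (candidate == null) {
            Cookie cookie = WebUtils.getCookie(request, REDIRECT_URI_COOKIE);
            candidate = cookie != null ? cookie.getValue() : null;
        }
        return isSameOrigin(candidate) ? candidate : frontendUri;
    }

    /** Accepts only absolute URLs whose scheme, host and port equal the configured frontend's. */
    boolean isSameOrigin(String candidate) {
        if (candidate == null || candidate.isBlank()) {
            return false;
        }
        try {
            URI uri = new URI(candidate);
            URI allowed = new URI(frontendUri);
            return uri.isAbsolute()                       // "//host/path" has no scheme: rejected
                    && uri.getUserInfo() == null          // "https://good@evil" forms: rejected
                    && uri.getHost() != null              // opaque URIs such as "javascript:": rejected
                    && uri.getScheme().equalsIgnoreCase(allowed.getScheme())
                    && uri.getHost().equalsIgnoreCase(allowed.getHost())
                    && uri.getPort() == allowed.getPort();
        } catch (URISyntaxException e) {
            return false;                                 // unparseable input never wins
        }
    }

    /** Strips disallowed characters, caps the length, then lets UriComponentsBuilder encode the value. */
    String appendErrorParam(String base, String rawError) {
        String cleaned = ERROR_SANITIZER.matcher(rawError == null ? "" : rawError).replaceAll("").trim();
        if (cleaned.length() > MAX_ERROR_LENGTH) {
            cleaned = cleaned.substring(0, MAX_ERROR_LENGTH);
        }
        if (cleaned.isEmpty()) {
            cleaned = "authentication_failed";            // never emit an empty error value
        }
        return UriComponentsBuilder.fromUriString(base)
                .queryParam("error", cleaned)
                .build()
                .encode()
                .toUriString();
    }
}
```

The character filter and the percent-encoding are two distinct layers: encoding is what keeps the redirect URL well-formed regardless of the message, while the filter bounds what an exception message, which may echo provider-supplied text, can carry into the frontend's query string. Registering the handler is the usual `oauth2Login(o -> o.failureHandler(handler))` wiring in the security configuration.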