diff --git a/apiml-security-common/src/main/java/org/zowe/apiml/security/common/error/AbstractExceptionHandler.java b/apiml-security-common/src/main/java/org/zowe/apiml/security/common/error/AbstractExceptionHandler.java index d9f39506dc..aadc35fb20 100644 --- a/apiml-security-common/src/main/java/org/zowe/apiml/security/common/error/AbstractExceptionHandler.java +++ b/apiml-security-common/src/main/java/org/zowe/apiml/security/common/error/AbstractExceptionHandler.java @@ -30,8 +30,7 @@ @RequiredArgsConstructor public abstract class AbstractExceptionHandler { - protected static final String ERROR_MESSAGE_400 = "400 Status Code: {}"; - protected static final String ERROR_MESSAGE_500 = "500 Status Code: {}"; + protected static final String MESSAGE_FORMAT = "Status Code {}, error message: {}"; private static final String CONTENT_TYPE = MediaType.APPLICATION_JSON_VALUE; protected final MessageService messageService; diff --git a/apiml-security-common/src/main/java/org/zowe/apiml/security/common/error/AuthExceptionHandler.java b/apiml-security-common/src/main/java/org/zowe/apiml/security/common/error/AuthExceptionHandler.java index fb13dee89a..add040c6f8 100644 --- a/apiml-security-common/src/main/java/org/zowe/apiml/security/common/error/AuthExceptionHandler.java +++ b/apiml-security-common/src/main/java/org/zowe/apiml/security/common/error/AuthExceptionHandler.java 
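Review bot: `MESSAGE_FORMAT` has no comment saying what its two placeholders stand for, yet every call site must pass the status value first and the exception message second. A one-line comment on the constant would pin that order, e.g. `// SLF4J pattern: first {} is the HTTP status value, second {} is the exception message`. The removed `ERROR_MESSAGE_400` and `ERROR_MESSAGE_500` were `protected`, so any subclass outside the files in this diff that still references them will stop compiling; a search is worthwhile before merging. The class body continues outside the hunk.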
@@ -20,7 +20,11 @@ import org.springframework.stereotype.Component; import org.zowe.apiml.message.api.ApiMessageView; import org.zowe.apiml.message.core.MessageService; -import org.zowe.apiml.security.common.token.*; +import org.zowe.apiml.security.common.token.InvalidTokenTypeException; +import org.zowe.apiml.security.common.token.TokenExpireException; +import org.zowe.apiml.security.common.token.TokenFormatNotValidException; +import org.zowe.apiml.security.common.token.TokenNotProvidedException; +import org.zowe.apiml.security.common.token.TokenNotValidException; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; 
@@ -89,77 +93,74 @@ private void handleZosAuthenticationException(HttpServletResponse response, ZosA writeErrorResponse(message, status, response); } - // 400 private void handleAuthenticationRequired(HttpServletRequest request, HttpServletResponse response, RuntimeException ex) throws ServletException { - log.debug(ERROR_MESSAGE_400, ex.getMessage()); + log.debug(MESSAGE_FORMAT, HttpStatus.UNAUTHORIZED.value(), ex.getMessage()); writeErrorResponse(ErrorType.AUTH_REQUIRED.getErrorMessageKey(), HttpStatus.UNAUTHORIZED, request, response); } private void handleBadCredentials(HttpServletRequest request, HttpServletResponse response, RuntimeException ex) throws ServletException { - log.debug(ERROR_MESSAGE_400, ex.getMessage()); + log.debug(MESSAGE_FORMAT, HttpStatus.UNAUTHORIZED.value(), ex.getMessage()); writeErrorResponse(ErrorType.BAD_CREDENTIALS.getErrorMessageKey(), HttpStatus.UNAUTHORIZED, request, response); } private void handleAuthenticationCredentialsNotFound(HttpServletRequest request, HttpServletResponse response, RuntimeException ex) throws ServletException { - log.debug(ERROR_MESSAGE_400, ex.getMessage()); + log.debug(MESSAGE_FORMAT, HttpStatus.BAD_REQUEST.value(), ex.getMessage()); writeErrorResponse(ErrorType.AUTH_CREDENTIALS_NOT_FOUND.getErrorMessageKey(), HttpStatus.BAD_REQUEST, request, response); } private void handleAuthMethodNotSupported(HttpServletRequest request, HttpServletResponse response, RuntimeException ex) throws ServletException { - log.debug(ERROR_MESSAGE_400, ex.getMessage()); - final ApiMessageView message = messageService.createMessage(ErrorType.AUTH_METHOD_NOT_SUPPORTED.getErrorMessageKey(), ex.getMessage(), request.getRequestURI()).mapToView(); final HttpStatus status = HttpStatus.METHOD_NOT_ALLOWED; + log.debug(MESSAGE_FORMAT, status.value(), ex.getMessage()); + final ApiMessageView message = messageService.createMessage(ErrorType.AUTH_METHOD_NOT_SUPPORTED.getErrorMessageKey(), ex.getMessage(), 
request.getRequestURI()).mapToView(); writeErrorResponse(message, status, response); } private void handleTokenNotValid(HttpServletRequest request, HttpServletResponse response, RuntimeException ex) throws ServletException { - log.debug(ERROR_MESSAGE_400, ex.getMessage()); + log.debug(MESSAGE_FORMAT, HttpStatus.UNAUTHORIZED.value(), ex.getMessage()); writeErrorResponse(ErrorType.TOKEN_NOT_VALID.getErrorMessageKey(), HttpStatus.UNAUTHORIZED, request, response); } private void handleTokenNotProvided(HttpServletRequest request, HttpServletResponse response, RuntimeException ex) throws ServletException { - log.debug(ERROR_MESSAGE_400, ex.getMessage()); + log.debug(MESSAGE_FORMAT, HttpStatus.UNAUTHORIZED.value(), ex.getMessage()); writeErrorResponse(ErrorType.TOKEN_NOT_PROVIDED.getErrorMessageKey(), HttpStatus.UNAUTHORIZED, request, response); } private void handleTokenExpire(HttpServletRequest request, HttpServletResponse response, RuntimeException ex) throws ServletException { - log.debug(ERROR_MESSAGE_400, ex.getMessage()); + log.debug(MESSAGE_FORMAT, HttpStatus.UNAUTHORIZED.value(), ex.getMessage()); writeErrorResponse(ErrorType.TOKEN_EXPIRED.getErrorMessageKey(), HttpStatus.UNAUTHORIZED, request, response); } private void handleInvalidCertificate(HttpServletResponse response, RuntimeException ex) { - log.debug(ERROR_MESSAGE_400, ex.getMessage()); response.setStatus(HttpStatus.FORBIDDEN.value()); + log.debug(MESSAGE_FORMAT, response.getStatus(), ex.getMessage()); } private void handleTokenFormatException(HttpServletRequest request, HttpServletResponse response, RuntimeException ex) throws ServletException { - log.debug(ERROR_MESSAGE_400, ex.getMessage()); + log.debug(MESSAGE_FORMAT, HttpStatus.BAD_REQUEST.value(), ex.getMessage()); writeErrorResponse(ErrorType.TOKEN_NOT_VALID.getErrorMessageKey(), HttpStatus.BAD_REQUEST, request, response); } private void handleInvalidTokenTypeException(HttpServletRequest request, HttpServletResponse response, RuntimeException ex) 
throws ServletException { - log.debug(ERROR_MESSAGE_400, ex.getMessage()); + log.debug(MESSAGE_FORMAT, HttpStatus.UNAUTHORIZED.value(), ex.getMessage()); writeErrorResponse(ErrorType.INVALID_TOKEN_TYPE.getErrorMessageKey(), HttpStatus.UNAUTHORIZED, request, response); } private void handleInvalidAccessTokenBodyException(HttpServletRequest request, HttpServletResponse response, RuntimeException ex) throws ServletException { - log.debug(ERROR_MESSAGE_400, ex.getMessage()); + log.debug(MESSAGE_FORMAT, HttpStatus.BAD_REQUEST.value(), ex.getMessage()); writeErrorResponse(ex.getMessage(), HttpStatus.BAD_REQUEST, request, response); } - //500 private void handleAuthenticationException(HttpServletRequest request, HttpServletResponse response, RuntimeException ex) throws ServletException { - log.debug(ERROR_MESSAGE_500, ex); final ApiMessageView message = messageService.createMessage(ErrorType.AUTH_GENERAL.getErrorMessageKey(), ex.getMessage(), request.getRequestURI()).mapToView(); final HttpStatus status = HttpStatus.INTERNAL_SERVER_ERROR; + log.debug(MESSAGE_FORMAT, status.value(), ex.getMessage()); writeErrorResponse(message, status, response); } private void handleServiceNotAccessibleException(HttpServletRequest request, HttpServletResponse response, RuntimeException ex) throws ServletException { - log.debug(ERROR_MESSAGE_500, ex); - final ApiMessageView message = messageService.createMessage(ErrorType.SERVICE_UNAVAILABLE.getErrorMessageKey(), ex.getMessage(), request.getRequestURI()).mapToView(); final HttpStatus status = HttpStatus.SERVICE_UNAVAILABLE; + log.debug(MESSAGE_FORMAT, status.value(), ex.getMessage()); writeErrorResponse(message, status, response); } } diff --git a/apiml-security-common/src/main/java/org/zowe/apiml/security/common/error/ResourceAccessExceptionHandler.java b/apiml-security-common/src/main/java/org/zowe/apiml/security/common/error/ResourceAccessExceptionHandler.java index d7bcf165b0..e63b451600 100644 
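Review bot: `handleAuthenticationException`, the INTERNAL_SERVER_ERROR catch-all, used to pass the exception object to `log.debug` and now logs only `ex.getMessage()`, so the exception class, cause chain and stack trace no longer reach the log on the one path where the failure is unexpected; `handleServiceNotAccessibleException` has the same change. SLF4J accepts a trailing Throwable after the placeholder arguments, so `log.debug(MESSAGE_FORMAT, status.value(), ex.getMessage(), ex);` keeps the new format and the trace for whoever has to investigate an authentication outage. Separately, `handleInvalidCertificate` reads the code back with `response.getStatus()` while every other handler logs the `HttpStatus` constant; `HttpStatus.FORBIDDEN.value()` would be consistent and would not depend on what the response object reports. The hunk begins inside the class, after the start of `handleZosAuthenticationException`.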
--- a/apiml-security-common/src/main/java/org/zowe/apiml/security/common/error/ResourceAccessExceptionHandler.java +++ b/apiml-security-common/src/main/java/org/zowe/apiml/security/common/error/ResourceAccessExceptionHandler.java @@ -10,12 +10,12 @@ package org.zowe.apiml.security.common.error; -import org.zowe.apiml.message.core.MessageService; -import org.zowe.apiml.product.gateway.GatewayNotAvailableException; import com.fasterxml.jackson.databind.ObjectMapper; import lombok.extern.slf4j.Slf4j; import org.springframework.http.HttpStatus; import org.springframework.stereotype.Component; +import org.zowe.apiml.message.core.MessageService; +import org.zowe.apiml.product.gateway.GatewayNotAvailableException; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; @@ -54,12 +54,12 @@ public void handleException(HttpServletRequest request, HttpServletResponse resp //500 private void handleGatewayNotAvailable(HttpServletRequest request, HttpServletResponse response, RuntimeException ex) throws ServletException { - log.debug(ERROR_MESSAGE_500, ex.getMessage()); + log.debug(MESSAGE_FORMAT, HttpStatus.SERVICE_UNAVAILABLE.value(), ex.getMessage()); writeErrorResponse(ErrorType.GATEWAY_NOT_AVAILABLE.getErrorMessageKey(), HttpStatus.SERVICE_UNAVAILABLE, request, response); } private void handleServiceNotAccessible(HttpServletRequest request, HttpServletResponse response, RuntimeException ex) throws ServletException { - log.debug(ERROR_MESSAGE_500, ex.getMessage()); + log.debug(MESSAGE_FORMAT, HttpStatus.SERVICE_UNAVAILABLE.value(), ex.getMessage()); writeErrorResponse(ErrorType.SERVICE_UNAVAILABLE.getErrorMessageKey(), HttpStatus.SERVICE_UNAVAILABLE, request, response); } }
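Review bot: The `//500` marker above `handleGatewayNotAvailable` is left in place although both handlers here answer with `HttpStatus.SERVICE_UNAVAILABLE` (503), and the matching `// 400` and `//500` markers were removed from AuthExceptionHandler in this same commit; drop it or make it `// 503`. Each handler also names `HttpStatus.SERVICE_UNAVAILABLE` twice, once for the log and once for the response, so a later edit can make the logged code and the sent code disagree. A local `final HttpStatus status = HttpStatus.SERVICE_UNAVAILABLE;` used for both, as `handleAuthMethodNotSupported` in AuthExceptionHandler does, avoids that. `handleException` starts outside the hunk.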