Token parsing error currently bubbles up as an IOException. AbstractAuthenticationProcessingFilter only routes AuthenticationException through the failure handler

aarmam · SanderKondratjevNortal · commit 6e65ba487fe7 · 2025-09-29T11:47:41.000+03:00
diff --git a/example/src/main/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilter.java b/example/src/main/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilter.java
@@ -38,6 +38,7 @@
 import org.springframework.http.MediaType;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.AuthenticationServiceException;
+import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -69,21 +70,29 @@ public WebEidAjaxLoginProcessingFilter(
 
     @Override
     public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
-        throws AuthenticationException, IOException {
+        throws AuthenticationException {
         final String contentType = request.getHeader(HttpHeaders.CONTENT_TYPE);
         if (contentType == null || !contentType.startsWith(MediaType.APPLICATION_JSON_VALUE)) {
             LOG.warn("Content type not supported: {}", contentType);
             throw new AuthenticationServiceException("Content type not supported: " + contentType);
         }
 
         LOG.info("attemptAuthentication(): Reading request body");
-        final WebEidAuthToken webEidAuthToken = OBJECT_READER.readValue(request.getReader());
+        final WebEidAuthToken webEidAuthToken = parseWebEidAuthToken(request);
         LOG.info("attemptAuthentication(): Creating token");
         final PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(null, webEidAuthToken);
         LOG.info("attemptAuthentication(): Calling authentication manager");
         return getAuthenticationManager().authenticate(token);
     }
 
+    private WebEidAuthToken parseWebEidAuthToken(HttpServletRequest request) {
+        try {
+            return OBJECT_READER.readValue(request.getReader());
+        } catch (IOException e) {
+            throw new BadCredentialsException("Unable to authenticate the Web eID authentication token", e);
+        }
+    }
+
     @Override
     protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult) throws IOException, ServletException {
         super.successfulAuthentication(request, response, chain, authResult);
