Handle exceptions for signin/signup

Author: carousel

logs/flight-advisor.log

@@ -79,6 +79,10 @@
             <version>0.11.1</version>
             <scope>runtime</scope>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-validation</artifactId>
+        </dependency>
         <dependency>
             <groupId>javax.validation</groupId>
             <artifactId>validation-api</artifactId>

pom.xml

@@ -7,6 +7,8 @@
 
 import org.springframework.context.annotation.Bean;
 import org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor;
+import org.springframework.web.servlet.config.annotation.EnableWebMvc;
+import org.springframework.web.servlet.handler.SimpleMappingExceptionResolver;
 import springfox.documentation.builders.PathSelectors;
 import springfox.documentation.builders.RequestHandlerSelectors;
 import springfox.documentation.service.ApiInfo;
@@ -15,6 +17,7 @@
 import springfox.documentation.spring.web.plugins.Docket;
 import springfox.documentation.swagger2.annotations.EnableSwagger2;
 
+import java.nio.file.AccessDeniedException;
 import java.util.ArrayList;
 import java.util.concurrent.Executor;
 

src/main/java/com/miro/flightadvisor/FlightAdvisorServiceApplication.java

@@ -14,6 +14,9 @@
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.servlet.handler.SimpleMappingExceptionResolver;
+
+import java.nio.file.AccessDeniedException;
 
 @Configuration
 @EnableWebSecurity
@@ -42,6 +45,7 @@ public AuthenticationManager authenticationManager() throws Exception {
             "/v2/api-docs",
             "/webjars/**"
     };
+
     @Override
     public void configure(WebSecurity web) throws Exception {
         web.ignoring().antMatchers(AUTH_WHITELIST);

src/main/java/com/miro/flightadvisor/SecurityConfig.java

@@ -18,9 +18,11 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
+import javax.persistence.Access;
 import javax.validation.Valid;
 import java.time.LocalDate;
 import java.util.List;
@@ -74,7 +76,7 @@ public Optional<?> getCity(
     @ApiResponses(value = {@ApiResponse(code = 200, message = "OK"), @ApiResponse(code = 400, message = "Bad request"), @ApiResponse(code = 500, message = "Server error")})
     @PreAuthorize("hasRole('ROLE_USER')")
     public Optional<List<Comment>> comments() {
-        return cityService.allCommentsForCity();
+            return cityService.allCommentsForCity();
     }
 
     @PostMapping("{cityId}/comments")

src/main/java/com/miro/flightadvisor/controllers/CityController.java

@@ -10,12 +10,14 @@
 import org.springframework.web.bind.MissingServletRequestParameterException;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.RestControllerAdvice;
+import org.springframework.web.client.HttpServerErrorException;
 import org.springframework.web.context.request.WebRequest;
 import org.springframework.web.method.annotation.MethodArgumentTypeMismatchException;
 import org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler;
 
 import javax.validation.ConstraintViolation;
 import javax.validation.ConstraintViolationException;
+import java.nio.file.AccessDeniedException;
 import java.util.ArrayList;
 import java.util.List;
 
@@ -31,7 +33,7 @@ protected ResponseEntity<Object> handleMethodArgumentNotValid(MethodArgumentNotV
             errors.add(error.getObjectName() + ": " + error.getDefaultMessage());
         }
 
-        ApiError apiError = new ApiError(HttpStatus.BAD_REQUEST, ex.getLocalizedMessage(), errors);
+        ApiError apiError = new ApiError(HttpStatus.BAD_REQUEST, HttpStatus.BAD_REQUEST.value(), ex.getLocalizedMessage(), errors);
         return handleExceptionInternal(ex, apiError, headers, apiError.getStatus(), request);
     }
 
@@ -52,7 +54,7 @@ public ResponseEntity<Object> handleConstraintViolation(ConstraintViolationExcep
             errors.add(violation.getMessage());
         }
 
-        ApiError apiError = new ApiError(HttpStatus.BAD_REQUEST, ex.getLocalizedMessage(), errors);
+        ApiError apiError = new ApiError(HttpStatus.BAD_REQUEST, HttpStatus.BAD_REQUEST.value(), ex.getLocalizedMessage(), errors);
         return new ResponseEntity<Object>(apiError, new HttpHeaders(), apiError.getStatus());
 
     }
@@ -69,10 +71,22 @@ public ResponseEntity<Object> handleMethodArgumentTypeMismatch(
                 apiError, new HttpHeaders(), apiError.getStatus());
     }
 
-//    @ExceptionHandler({Exception.class})
-//    public ResponseEntity<Object> handleAll(Exception ex, WebRequest request) {
-//        ApiError apiError = new ApiError(HttpStatus.INTERNAL_SERVER_ERROR, ex.getLocalizedMessage(), "error occurred");
-//        return new ResponseEntity<Object>(apiError, new HttpHeaders(), apiError.getStatus());
-//    }
+    @ExceptionHandler({HttpServerErrorException.class})
+    public ResponseEntity<Object> handleAll(HttpServerErrorException ex, WebRequest request) {
+        ApiError apiError = new ApiError(HttpStatus.FORBIDDEN, HttpStatus.FORBIDDEN.value(), ex.getMessage(), "error occured");
+        return new ResponseEntity<Object>(apiError, new HttpHeaders(), apiError.getStatus());
+    }
+
+    @ExceptionHandler({Exception.class})
+    public ResponseEntity<Object> handleAll(Exception ex, WebRequest request) {
+        ApiError apiError = new ApiError(HttpStatus.INTERNAL_SERVER_ERROR, HttpStatus.INTERNAL_SERVER_ERROR.value(), ex.getLocalizedMessage(), "error occurred");
+        return new ResponseEntity<Object>(apiError, new HttpHeaders(), apiError.getStatus());
+    }
+
+    @ExceptionHandler({AccessDeniedException.class})
+    public ResponseEntity<Object> handleAccessDenied(AccessDeniedException ex, WebRequest request) {
+        ApiError apiError = new ApiError(HttpStatus.FORBIDDEN, HttpStatus.FORBIDDEN.value(), ex.getLocalizedMessage(), "error occurred");
+        return new ResponseEntity<Object>(apiError, new HttpHeaders(), apiError.getStatus());
+    }
 
 }

src/main/java/com/miro/flightadvisor/controllers/ExceptionsControllerAdvice.java

@@ -16,9 +16,10 @@ public class ApiError {
     private String message;
     private List<String> errors;
 
-    public ApiError(HttpStatus status, String message, List<String> errors) {
+    public ApiError(HttpStatus status, int errorCode, String message, List<String> errors) {
         super();
         this.status = status;
+        this.errorCode = errorCode;
         this.message = message;
         this.errors = errors;
     }

src/main/java/com/miro/flightadvisor/exception/ApiError.java

@@ -1,5 +1,6 @@
 package com.miro.flightadvisor.security.beans;
 
+import com.fasterxml.jackson.annotation.JsonIgnore;
 import lombok.Getter;
 import lombok.Setter;
 import org.springframework.stereotype.Component;
@@ -14,8 +15,11 @@ public class SignupBean {
     private String username;
     @NotBlank(message = "Password is required")
     private String password;
+    @NotBlank(message = "First name is required")
     private String firstName;
+    @NotBlank(message = "Last name is required")
     private String lastName;
     private String role;
+    @JsonIgnore
     private String salt;
 }

src/main/java/com/miro/flightadvisor/security/beans/SignupBean.java

@@ -26,12 +26,12 @@ public class UserController {
     @PostMapping("/signin")
     public String login(@RequestBody @Valid LoginBean loginBean) {
         return userService.signin(loginBean.getUsername(), loginBean.getPassword()).orElseThrow(() ->
-                new HttpServerErrorException(HttpStatus.FORBIDDEN, "LoginBean Failed"));
+                new HttpServerErrorException(HttpStatus.FORBIDDEN, "login failed, please try again"));
     }
 
     @PostMapping("/signup")
     @ResponseStatus(HttpStatus.CREATED)
-    public User signup(@RequestBody @Valid SignupBean signupBean) {
+    public User signup(@Valid @RequestBody SignupBean signupBean) {
         return userService.signup(signupBean.getUsername(), signupBean.getPassword(), signupBean.getFirstName(),
                 signupBean.getLastName()).orElseThrow(() -> new HttpServerErrorException(HttpStatus.BAD_REQUEST, "User already exists"));
     }

src/main/java/com/miro/flightadvisor/security/controllers/UserController.java

@@ -6,6 +6,8 @@
 import lombok.Setter;
 
 import javax.persistence.*;
+import javax.validation.constraints.NotBlank;
+import javax.validation.constraints.NotEmpty;
 
 
 import java.security.SecureRandom;
@@ -27,6 +29,7 @@ public class User {
     @Column(name = "id")
     private Long id;
     @Column(name = "username")
+    @NotBlank
     private String username;
     @Column(name = "password")
     @JsonIgnore
@@ -36,6 +39,7 @@ public class User {
     @Column(name = "last_name")
     private String lastName;
     @Column(name = "salt")
+    @JsonIgnore
     private byte[] salt;
     @ManyToMany(fetch = FetchType.EAGER)
     @JoinTable(name = "user_role", joinColumns