How to handle CredentialsExpiredException in my Spring boot connect App

Hi Experts,

I am using the spring boot connect app and if JWT token is expired then I am getting below exception and the default API response is below.

Exception:

20-07-09 14:53:23.475   [ERROR] --- [http-nio-8080-exec-1] com.atlassian.connect.spring.internal.auth.jwt.JwtAuthenticationProvider:172 - JWT expired at Thu Jul 09 13:24:29 IST 2020 and time is now Thu Jul 09 14:53:23 IST 2020 (30 seconds leeway is allowed)
2020-07-09 14:53:23.478   [WARN ] --- [http-nio-8080-exec-1] com.atlassian.connect.spring.internal.auth.jwt.JwtAuthenticationFilter:72 - Failed to authenticate request
org.springframework.security.authentication.CredentialsExpiredException: JWT expired at Thu Jul 09 13:24:29 IST 2020 and time is now Thu Jul 09 14:53:23 IST 2020 (30 seconds leeway is allowed)
        at com.atlassian.connect.spring.internal.auth.jwt.JwtAuthenticationProvider.verifyToken(JwtAuthenticationProvider.java:173) ~[atlassian-connect-spring-boot-core-2.0.6.jar:?]
        at com.atlassian.connect.spring.internal.auth.jwt.JwtAuthenticationProvider.authenticate(JwtAuthenticationProvider.java:69) ~[atlassian-connect-spring-boot-core-2.0.6.jar:?]
        at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:175) ~[spring-security-core-5.2.2.RELEASE.jar:5.2.2.RELEASE]
        at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:195) ~[spring-security-core-5.2.2.RELEASE.jar:5.2.2.RELEASE]
        at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:511) ~[spring-security-config-5.2.2.RELEASE.jar:5.2.2.RELEASE]
        at com.atlassian.connect.spring.internal.auth.jwt.JwtAuthenticationFilter.doFilterInternal(JwtAuthenticationFilter.java:69) [atlassian-connect-spring-boot-core-2.0.6.jar:?]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.2.5.RELEASE.jar:5.2.5.RELEASE]

{
    "status": 401,
    "error": "None",
    "message": "No message available",
    "timeStamp": "Thu Jul 09 14:53:23 IST 2020"
}

How to handle this CredentialsExpiredException exception in my code?
I used ResponseEntityExceptionHandler but it is not working.

@dchouksey89, that exception is thrown by the JWT authentication middleware when handling an incoming request with an expired JWT token. You cannot handle it in your application code beyond disabling JWT authentication.

There may be different reasons for you receiving an expired JWT token. Sometimes customers’ browsers can attempt to reload iframes with stale URLs. It could also be due to clock skew on your system.

Hi @epehrson,

Is there any way to handle this exception and send customize error message?

{
    "status": 401,
    "error": "None",
    "message": "JWT token has expired",
    "timeStamp": "Thu Jul 09 14:53:23 IST 2020"
}

@dchouksey89, I had a quick look at this, and I think there are multiple ways to accomplish it. I’m sure atlassian-connect-spring-boot could be improved to make this kind of customization easier and enable a more elegant solution, but here is one that seems to work.

server.error.path: /my-error

@RestController
public class MyErrorController extends AbstractErrorController {

    private static final String PATH = "/my-error";

    @Autowired
    public MyErrorController(ErrorAttributes errorAttributes) {
        super(errorAttributes);
    }

    @Override
    public String getErrorPath() {
        return PATH;
    }

    @RequestMapping(value = PATH)
    @IgnoreJwt
    public String error(HttpServletRequest request, HttpServletResponse response) {
        Exception authenticationException = (Exception) request.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
        response.setStatus(401);
        return authenticationException.getMessage();
    }
}

Hi @epehrson

Ohh nice thanks for the sample code.