0
votes

This is a really weird error. I am trying Spring Security on Camel Restlet endpoints.

Route

    from("restlet://test?restletMethod=GET").to("some endpoint");

Added default Security jar

    spring-boot-starter-security

Application.properties

    security.basic.enabled=true
    security.user.name=user

Context Configuration

    @Bean
    public ServletRegistrationBean servletRegistrationBean() {
        SpringServerServlet servlet = new SpringServerServlet();
        DispatcherServlet dispatcherServlet = new DispatcherServlet();
        ServletRegistrationBean registration = new ServletRegistrationBean( servlet , "/*");

        registration.setName("restlet");

        Map<String,String> params = new HashMap<>();
        params.put("org.restlet.component", "restletComponent");

        registration.addInitParameter( "org.restlet.component", "restletComponent" );

        return registration;
    }

When I run the app as a Spring Boot application, it generates a default password.

    Using default security password: f701928f-29c6-448f-9640-430cc5f215be

Now, if I call the REST endpoint using correct credentials, it works fine. But if I call it with wrong credentials, it returns 404 Not Found.

What's wrong?

1
So I have a couple of questions: 1) which version of spring boot are you using? 2) how is your authentication failure url configured? 3) have you configured an access denied handler error page 403? If not, this will automatically redirect to a 404 error. - karen
1) 1.5.7 2) No 3) No. But the example I got is working without configuring anything. It throws "Full Authentication Required" error clearly - madhairsilence
Looks like the configuration I use is causing the problem. Updating the question. Still no solution - madhairsilence

1 Answer

0
votes

The issue was the ServletRegistrationBean I am using, which catches the 401 error and sends a redirect to a page called /error.

Unfortunately, there is no fix for this. But there is a workaround.

Have a simple REST API with the path '/error' and return any output you want.

Example

    from("restlet:/error?restletMethods=GET").transform(simple("unauthorized"));
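
An alternative to the `/error` route, shown as an added example that is not part of the original answer: a Spring Security configuration whose entry point writes the 401 itself instead of reporting it through `sendError()`. It assumes the 404 arises because the default Basic entry point's `sendError()` call makes the container forward to `/error`, which the `/*` Restlet servlet mapping cannot serve; the class name `RestletSecurityConfig` and the realm name are hypothetical.

```java
import javax.servlet.http.HttpServletResponse;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.AuthenticationEntryPoint;

// Added example (hypothetical class name), not the poster's configuration.
@Configuration
public class RestletSecurityConfig extends WebSecurityConfigurerAdapter {

    // Writes the 401 directly on the response. Because it never calls
    // response.sendError(), the servlet container does not dispatch the
    // request to the /error page, so the "/*" Restlet servlet is not asked
    // to serve a path it has no route for.
    private static final AuthenticationEntryPoint PLAIN_401 =
        (request, response, authException) -> {
            // Realm name is an assumption; clients only need the Basic challenge.
            response.setHeader("WWW-Authenticate", "Basic realm=\"restlet\"");
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        };

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Every endpoint requires an authenticated caller.
            .authorizeRequests().anyRequest().authenticated()
            .and()
            // Used when the supplied Basic credentials are wrong.
            .httpBasic().authenticationEntryPoint(PLAIN_401)
            .and()
            // Used when no credentials are supplied at all.
            .exceptionHandling().authenticationEntryPoint(PLAIN_401);
    }
}
```

With this in place, a request carrying wrong credentials should come back as 401 with a `WWW-Authenticate` header rather than 404, which is what clients and monitoring need in order to tell a failed login from a missing resource.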