fix : ensure a consistent format for request and response payloads for all APIs, covering both success and error scenarios

Author: patternhelloworld

README.md

@@ -2,11 +2,11 @@
 ## Overview
 
 * In the Spring Security 6 ecosystem, compared to 5, there is a preference for JWT or Keycloak over traditional OAuth2 using a Password Grant method with Spring Security Authorization and Resource Server. I needed to incorporate the current OAuth2 Password Grant with the Spring Security new version and am showing the customization.
-  * Set up access & refresh token APIs on both '/oauth2/token' and on our controller layer such as '/api/v1...', both of which function same.
+  * Set up access & refresh token APIs on both '/oauth2/token' and on our controller layer such as '/api/v1...', both of which function same and have `the same request & response payloads for success and errors`.
   * Authentication management based on a combination of username, client id, and an extra token (referred to in the source code as App-Token, which receives a unique value from the calling devices).
   * Separated UserDetails implementation for Admin and Customer roles.
   * Integration with spring-security-oauth2-authorization-server.
-    * Provide MySQL DDL, which consists of oauth\_access\_token, oauth\_refresh\_token and oauth\_client\_details, which is tables in Security 5. As I mean to migrate current security system to Security 6, I haven't changed them to the ``authorization`` table indicated in https://github.com/spring-projects/spring-authorization-server.
+   * Provide MySQL DDL, which consists of oauth\_access\_token, oauth\_refresh\_token and oauth\_client\_details, which is tables in Security 5. As I mean to migrate current security system to Security 6, I haven't changed them to the ``authorization`` table indicated in https://github.com/spring-projects/spring-authorization-server.
   * Application of Spring Rest Docs.
 ## Dependencies
 
@@ -28,5 +28,5 @@
 
 ### Running this App with Docker
 * Use the following module for Blue-Green deployment:
-  * https://github.com/Andrew-Kang-G/docker-blue-green-runner
+  * https://github.com/patternknife/docker-blue-green-runner
 * The above module references this app's Dockerfile and the entrypoint script in the .docker folder.

src/main/java/com/patternknife/securityhelper/oauth2/config/response/error/GlobalExceptionHandler.java

@@ -2,13 +2,12 @@
 
 
 import com.patternknife.securityhelper.oauth2.config.logger.dto.ErrorDetails;
-import com.patternknife.securityhelper.oauth2.config.response.error.exception.ErrorMessagesContainedExceptionForSecurityAuthentication;
 import com.patternknife.securityhelper.oauth2.config.response.error.exception.auth.*;
 import com.patternknife.securityhelper.oauth2.config.response.error.exception.data.*;
 import com.patternknife.securityhelper.oauth2.config.response.error.exception.file.FileNotFoundException;
 import com.patternknife.securityhelper.oauth2.config.response.error.exception.payload.SearchFilterException;
 import com.patternknife.securityhelper.oauth2.config.response.error.message.GeneralErrorMessage;
-import com.patternknife.securityhelper.oauth2.config.response.error.message.SecurityExceptionMessage;
+import com.patternknife.securityhelper.oauth2.config.response.error.message.SecurityUserExceptionMessage;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.validation.ConstraintViolationException;
 import org.springframework.core.Ordered;
@@ -43,15 +42,15 @@ public class GlobalExceptionHandler {
     *   General
     * */
     // Login Failure
-    @ExceptionHandler({InsufficientAuthenticationException.class, UnauthenticatedException.class, AuthenticationException.class})
+    @ExceptionHandler({InsufficientAuthenticationException.class, CustomOauth2AuthenticationException.class, AuthenticationException.class})
     public ResponseEntity<?> authenticationException(Exception ex, WebRequest request) {
         ErrorDetails errorDetails;
-        if(ex instanceof ErrorMessagesContainedExceptionForSecurityAuthentication && ((ErrorMessagesContainedExceptionForSecurityAuthentication) ex).getErrorMessages() != null) {
-            errorDetails = new ErrorDetails(((ErrorMessagesContainedExceptionForSecurityAuthentication) ex).getErrorMessages(),
+        if(ex instanceof CustomOauth2AuthenticationException && ((CustomOauth2AuthenticationException) ex).getErrorMessages() != null) {
+            errorDetails = new ErrorDetails(((CustomOauth2AuthenticationException) ex).getErrorMessages(),
                     ex, request.getDescription(false), CustomExceptionUtils.getAllStackTraces(ex),
                     CustomExceptionUtils.getAllCauses(ex), null);
         }else {
-            errorDetails = new ErrorDetails(CustomExceptionUtils.getAllCauses(ex), request.getDescription(false), SecurityExceptionMessage.AUTHENTICATION_FAILURE.getMessage(),
+            errorDetails = new ErrorDetails(CustomExceptionUtils.getAllCauses(ex), request.getDescription(false), SecurityUserExceptionMessage.AUTHENTICATION_LOGIN_FAILURE.getMessage(),
                     ex.getMessage(), ex.getStackTrace()[0].toString());
         }
         return new ResponseEntity<>(errorDetails, HttpStatus.UNAUTHORIZED);
@@ -60,13 +59,13 @@ public ResponseEntity<?> authenticationException(Exception ex, WebRequest reques
     @ExceptionHandler({UnauthorizedException.class, AccessDeniedException.class, DisabledException.class})
     public ResponseEntity<?> authorizationException(Exception ex, WebRequest request) {
         ErrorDetails errorDetails = new ErrorDetails(ex.getMessage() != null ? ex.getMessage() : CustomExceptionUtils.getAllCauses(ex), request.getDescription(false),
-                ex.getMessage() == null || ex.getMessage().equals("Access Denied") ? SecurityExceptionMessage.AUTHORIZATION_FAILURE.getMessage() : ex.getMessage(), ex.getStackTrace()[0].toString());
+                ex.getMessage() == null || ex.getMessage().equals("Access Denied") ? SecurityUserExceptionMessage.AUTHORIZATION_FAILURE.getMessage() : ex.getMessage(), ex.getStackTrace()[0].toString());
         return new ResponseEntity<>(errorDetails, HttpStatus.FORBIDDEN);
     }
     // Custom or Admin
     @ExceptionHandler({CustomAuthGuardException.class})
     public ResponseEntity<?> customAuthorizationException(Exception ex, WebRequest request) {
-        ErrorDetails errorDetails = new ErrorDetails(CustomExceptionUtils.getAllCauses(ex), request.getDescription(false), SecurityExceptionMessage.AUTHORIZATION_FAILURE.getMessage(),
+        ErrorDetails errorDetails = new ErrorDetails(CustomExceptionUtils.getAllCauses(ex), request.getDescription(false), SecurityUserExceptionMessage.AUTHORIZATION_FAILURE.getMessage(),
                 ex.getMessage(), ex.getStackTrace()[0].toString());
         return new ResponseEntity<>(errorDetails, HttpStatus.FORBIDDEN);
     }

src/main/java/com/patternknife/securityhelper/oauth2/config/response/error/exception/ErrorMessagesContainedExceptionForSecurityAuthentication.java

@@ -1,11 +1,5 @@
 package com.patternknife.securityhelper.oauth2.config.response.error.exception.auth;
 
-import org.springframework.http.HttpStatus;
-import org.springframework.web.bind.annotation.ResponseStatus;
-
-// UNAUTHORIZED : 401
-// FORBIDDEN : 403
-@ResponseStatus(value = HttpStatus.UNAUTHORIZED)
 public class AlreadySocialRegisteredException extends RuntimeException {
     public AlreadySocialRegisteredException(String message) {
         super(message);

src/main/java/com/patternknife/securityhelper/oauth2/config/response/error/exception/auth/AlreadySocialRegisteredException.java

@@ -0,0 +1,25 @@
+package com.patternknife.securityhelper.oauth2.config.response.error.exception.auth;
+
+import com.patternknife.securityhelper.oauth2.config.logger.dto.ErrorMessages;
+import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
+
+public class CustomOauth2AuthenticationException extends OAuth2AuthenticationException {
+    protected ErrorMessages errorMessages;
+
+    public CustomOauth2AuthenticationException(){
+        super("Default");
+    }
+    public CustomOauth2AuthenticationException(String message){
+        super(message);
+        errorMessages = ErrorMessages.builder().userMessage(message).message(message).build();
+    }
+
+    public CustomOauth2AuthenticationException(ErrorMessages errorMessages){
+        super(errorMessages.getMessage());
+        this.errorMessages = errorMessages;
+    }
+    public ErrorMessages getErrorMessages() {
+        return errorMessages;
+    }
+
+}

src/main/java/com/patternknife/securityhelper/oauth2/config/response/error/exception/auth/CustomOauth2AuthenticationException.java

@@ -1,7 +1,9 @@
 package com.patternknife.securityhelper.oauth2.config.response.error.exception.auth;
 
 
-public class OtpValueUnauthorizedException extends RuntimeException {
+import org.springframework.security.core.AuthenticationException;
+
+public class OtpValueUnauthorizedException extends AuthenticationException {
     public OtpValueUnauthorizedException(String message) {
         super(message);
     }

src/main/java/com/patternknife/securityhelper/oauth2/config/response/error/exception/auth/OtpValueUnauthorizedException.java

@@ -4,7 +4,7 @@
 import org.springframework.web.bind.annotation.ResponseStatus;
 
 
-@ResponseStatus(value = HttpStatus.INTERNAL_SERVER_ERROR)
+@ResponseStatus(value = HttpStatus.UNAUTHORIZED)
 public class SocialEmailNotProvidedException extends RuntimeException {
     public SocialEmailNotProvidedException(String message) {
         super(message);

src/main/java/com/patternknife/securityhelper/oauth2/config/response/error/exception/auth/SocialEmailNotProvidedException.java

@@ -1,12 +1,9 @@
 package com.patternknife.securityhelper.oauth2.config.response.error.exception.auth;
 
-import org.springframework.http.HttpStatus;
-import org.springframework.security.access.AccessDeniedException;
-import org.springframework.web.bind.annotation.ResponseStatus;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
 
 
-@ResponseStatus(value = HttpStatus.FORBIDDEN)
-public class UserDeletedException extends AccessDeniedException {
+public class UserDeletedException extends UsernameNotFoundException {
     public UserDeletedException(String message) {
         super(message);
     }