Friday 15 February 2013

json - Grails Spring Security REST: status 401 redirect to controller's action to throw custom error message




We are using the spring-security-core:2.0-rc4 and spring-security-rest:1.4.0 plugins with Grails 2.4.2. Both of them are working fine. When a user enters invalid credentials, the spring-security-rest:1.4.0 plugin gives a 401, which is configured in Config.groovy:

grails.plugin.springsecurity.rest.login.failureStatusCode = 401

And here is a little snippet of the console output:

rest.restauthenticationfilter - actual uri /api/login; endpoint url /api/login
rest.restauthenticationfilter - applying authentication filter request
credentials.defaultjsonpayloadcredentialsextractor - extracted credentials json payload. username: admin@asdasdmopi.com, password: [protected]
rest.restauthenticationfilter - trying authenticate request
authentication.providermanager - authentication effort using org.springframework.security.authentication.dao.daoauthenticationprovider
dao.daoauthenticationprovider - user 'admin@something.com' not found
rest.restauthenticationfilter - authentication failed: bad credentials
rest.restauthenticationfailurehandler - setting status code 401
context.httpsessionsecuritycontextrepository - securitycontext empty or contents anonymous - context not stored in httpsession.
context.securitycontextpersistencefilter - securitycontextholder cleared, request processing completed

Now there is no error message or response, just the status 401 is sent to the client. I am trying to send an error response when there is a 401 status.

I added the following line in UrlMappings.groovy:

"401"(controller:'unauthorized',action:'senderrorresponse')

I created UnauthorizedController.groovy and added senderrorresponse() as follows:

def senderrorresponse() {
    try {
        // Read the error details for the 401 case from the application config
        int errorcode = grailsApplication.config.customexceptions.account.fourzeroone.loginnotauthorized.errorcode
        int status = grailsApplication.config.customexceptions.account.fourzeroone.loginnotauthorized.status
        String message = grailsApplication.config.customexceptions.account.fourzeroone.loginnotauthorized.message
        String extendedmessage = grailsApplication.config.customexceptions.account.fourzeroone.loginnotauthorized.extendedmessage
        String moreinfo = grailsApplication.config.customexceptions.account.fourzeroone.loginnotauthorized.moreinfo
        throw new accountexception(status, errorcode, message, extendedmessage, moreinfo)
    } catch (accountexception e) {
        // Log the error, then send it back with the matching HTTP status
        log.error e.errorresponse()
        response.setStatus(e.errorresponse().status)
        render e.errorresponse()
    }
}

My thinking was that on a 401 the controller would be called and the method would render the error response, but it doesn't work.

Is this approach right?

Is there any other best practice or thought on how to implement this?

Any pointers in the right direction are appreciated.

Thanks a ton.

json rest grails spring-security grails-plugin
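
The console output in the question shows the 401 being set by the plugin's failure handler inside the security filter chain, so one place to attach a JSON body is a replacement failure handler. The following is an added example, not code from the original post or from the plugin: the class name, package and file path are hypothetical, the bean name `restAuthenticationFailureHandler` is an assumption to check against the installed plugin version, and the config keys are spelled as they appear in the question.

```groovy
// --- src/groovy/com/example/JsonAuthFailureHandler.groovy (hypothetical path, package and class) ---
package com.example

import groovy.json.JsonOutput
import javax.servlet.ServletException
import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletResponse
import org.springframework.security.core.AuthenticationException
import org.springframework.security.web.authentication.AuthenticationFailureHandler

class JsonAuthFailureHandler implements AuthenticationFailureHandler {

    int statusCode = HttpServletResponse.SC_UNAUTHORIZED
    Map body = [:]   // fixed payload, injected from configuration

    @Override
    void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
                                 AuthenticationException exception)
            throws IOException, ServletException {
        // Same body for every failure: exception.message is deliberately not
        // returned, so the reply does not reveal whether the account exists.
        response.setStatus(statusCode)
        response.setContentType('application/json')
        response.setCharacterEncoding('UTF-8')
        response.setHeader('Cache-Control', 'no-store')
        response.writer.write(JsonOutput.toJson(body))
        response.writer.flush()
    }
}

// --- grails-app/conf/spring/resources.groovy ---
import com.example.JsonAuthFailureHandler

beans = {
    // Values come from the config block the question already reads from.
    def cfg = application.config.customexceptions.account.fourzeroone.loginnotauthorized

    // Assumed bean name: overrides the failure handler registered by the plugin.
    restAuthenticationFailureHandler(JsonAuthFailureHandler) {
        statusCode = cfg.status
        body = [status: cfg.status, errorcode: cfg.errorcode, message: cfg.message,
                extendedmessage: cfg.extendedmessage, moreinfo: cfg.moreinfo]
    }
}
```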
