fix jwt handler to return proper error codes
This commit is contained in:
@@ -64,6 +64,12 @@ public class SecurityConfig {
|
||||
.requestMatchers("/swagger-ui/**", "/api-docs/**").permitAll()
|
||||
.requestMatchers(HttpMethod.GET, "/api/sites/**").authenticated()
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.exceptionHandling(ex -> ex
|
||||
.authenticationEntryPoint((request, response, authException) ->
|
||||
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized"))
|
||||
.accessDeniedHandler((request, response, accessDeniedException) ->
|
||||
response.sendError(HttpServletResponse.SC_FORBIDDEN, "Forbidden"))
|
||||
);
|
||||
|
||||
if (isOAuth2Configured()) {
|
||||
@@ -128,6 +134,9 @@ public class SecurityConfig {
|
||||
} catch (Exception e) {
|
||||
org.springframework.security.core.context.SecurityContextHolder
|
||||
.clearContext();
|
||||
response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
|
||||
"Invalid or expired token");
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user