fix jwt handler to return proper error codes

This commit is contained in:
Krrish Ghimire
2026-07-01 10:25:37 +05:45
parent 77b32b4d32
commit 18fed113f9
2 changed files with 83 additions and 5 deletions

View File

@@ -64,6 +64,12 @@ public class SecurityConfig {
.requestMatchers("/swagger-ui/**", "/api-docs/**").permitAll()
.requestMatchers(HttpMethod.GET, "/api/sites/**").authenticated()
.anyRequest().authenticated()
)
.exceptionHandling(ex -> ex
.authenticationEntryPoint((request, response, authException) ->
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized"))
.accessDeniedHandler((request, response, accessDeniedException) ->
response.sendError(HttpServletResponse.SC_FORBIDDEN, "Forbidden"))
);
if (isOAuth2Configured()) {
@@ -128,6 +134,9 @@ public class SecurityConfig {
} catch (Exception e) {
org.springframework.security.core.context.SecurityContextHolder
.clearContext();
response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
"Invalid or expired token");
return;
}
}