Commit 1d7cf30a authored by Matija Obreza's avatar Matija Obreza

Security-related errors use correct HTTP response codes

parent 4cd51fb4
......@@ -80,7 +80,7 @@ public class ApiExceptionHandler {
* @param request the request
* @return the api error
*/
@ResponseStatus(code = HttpStatus.FORBIDDEN)
@ResponseStatus(code = HttpStatus.UNAUTHORIZED)
@ExceptionHandler({ AuthenticationCredentialsNotFoundException.class })
@ResponseBody
public ApiError<Exception> handleMissingCredentials(final Exception e, final WebRequest request) {
......@@ -95,11 +95,11 @@ public class ApiExceptionHandler {
* @param request the request
* @return the api error
*/
@ResponseStatus(code = HttpStatus.UNAUTHORIZED)
@ResponseStatus(code = HttpStatus.FORBIDDEN)
@ExceptionHandler({ AccessDeniedException.class })
@ResponseBody
public ApiError<Exception> handleAccessDenied(final Exception e, final HttpServletRequest request) {
LOG.warn("Authentication is required {} {}", request.getMethod(), request.getRequestURL());
LOG.warn("Access denied {} {}", request.getMethod(), request.getRequestURL());
return new ApiError<>(e);
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment