Commit 8f2d9b43 authored by Matija Obreza's avatar Matija Obreza

Security-related errors use correct HTTP response codes

parent e35c26d0
......@@ -77,7 +77,7 @@ public class ApiExceptionHandler {
* @param request the request
* @return the api error
*/
@ResponseStatus(code = HttpStatus.FORBIDDEN)
@ResponseStatus(code = HttpStatus.UNAUTHORIZED)
@ExceptionHandler({ AuthenticationCredentialsNotFoundException.class })
@ResponseBody
public ApiError<Exception> handleMissingCredentials(final Exception e, final WebRequest request) {
......@@ -92,11 +92,11 @@ public class ApiExceptionHandler {
* @param request the request
* @return the api error
*/
@ResponseStatus(code = HttpStatus.UNAUTHORIZED)
@ResponseStatus(code = HttpStatus.FORBIDDEN)
@ExceptionHandler({ AccessDeniedException.class })
@ResponseBody
public ApiError<Exception> handleAccessDenied(final Exception e, final HttpServletRequest request) {
LOG.warn("Authentication is required {} {}", request.getMethod(), request.getRequestURL());
LOG.warn("Access deined {} {}", request.getMethod(), request.getRequestURL());
return new ApiError<>(e);
}
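Review bot: The new log message in handleAccessDenied is misspelled (`"Access deined {} {}"`), so log searches or alert rules that match "Access denied" will miss these events; it should read `LOG.warn("Access denied {} {}", request.getMethod(), request.getRequestURL());`. The line also records no caller identity, which makes a 403 hard to attribute during an investigation; passing `request.getRemoteUser()` as a further argument would help, assuming the principal is populated at this point. Separately, Spring Security can raise AccessDeniedException for anonymous callers too, so depending on the filter configuration (not visible here) unauthenticated requests may now receive 403 where 401 is intended. The handler also returns `new ApiError<>(e)`; if ApiError serialises the exception's message or stack trace, it is worth confirming that nothing internal reaches the response body.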
......