Commit 8f2d9b43 authored by Matija Obreza

Security-related errors use correct HTTP response codes

parent e35c26d0
...@@ -77,7 +77,7 @@ public class ApiExceptionHandler { ...@@ -77,7 +77,7 @@ public class ApiExceptionHandler {
* @param request the request * @param request the request
* @return the api error * @return the api error
*/ */
@ResponseStatus(code = HttpStatus.FORBIDDEN) @ResponseStatus(code = HttpStatus.UNAUTHORIZED)
@ExceptionHandler({ AuthenticationCredentialsNotFoundException.class }) @ExceptionHandler({ AuthenticationCredentialsNotFoundException.class })
@ResponseBody @ResponseBody
public ApiError<Exception> handleMissingCredentials(final Exception e, final WebRequest request) { public ApiError<Exception> handleMissingCredentials(final Exception e, final WebRequest request) {
...@@ -92,11 +92,11 @@ public class ApiExceptionHandler { ...@@ -92,11 +92,11 @@ public class ApiExceptionHandler {
* @param request the request * @param request the request
* @return the api error * @return the api error
*/ */
@ResponseStatus(code = HttpStatus.UNAUTHORIZED) @ResponseStatus(code = HttpStatus.FORBIDDEN)
@ExceptionHandler({ AccessDeniedException.class }) @ExceptionHandler({ AccessDeniedException.class })
@ResponseBody @ResponseBody
public ApiError<Exception> handleAccessDenied(final Exception e, final HttpServletRequest request) { public ApiError<Exception> handleAccessDenied(final Exception e, final HttpServletRequest request) {
LOG.warn("Authentication is required {} {}", request.getMethod(), request.getRequestURL()); LOG.warn("Access deined {} {}", request.getMethod(), request.getRequestURL());
return new ApiError<>(e); return new ApiError<>(e);
} }
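Review bot: The new warning in handleAccessDenied is misspelled as "Access deined", so log searches and alert rules keyed on "Access denied" will miss these events; the line should read `LOG.warn("Access denied {} {}", request.getMethod(), request.getRequestURL());`. The message also records only the method and URL, so adding the authenticated principal, if one is available at this point, would make denied requests attributable during an investigation. handleMissingCredentials now answers 401 through `@ResponseStatus` alone, and a 401 is expected to carry a `WWW-Authenticate` challenge; its body lies outside the hunk, so confirm the header is set there or elsewhere in the security configuration. Because `new ApiError<>(e)` wraps the raw exception, it is also worth checking that the serialized body does not expose stack traces or internal class names to unauthenticated callers.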