Merge pull request #99 from wimdeblauwe/feature/gh-97

Map AuthorizationDeniedException to 403 Forbidden by default
wimdeblauwe · Sep 12, 2024 · fd48d4b · fd48d4b
2 parents ae76a46 + 205c388
commit fd48d4b
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 6 deletions.
diff --git a/pom.xml b/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>3.0.0</version>
+        <version>3.3.3</version>
         <relativePath /> <!-- lookup parent from repository -->
     </parent>
     <groupId>io.github.wimdeblauwe</groupId>

diff --git a/...wimdeblauwe/errorhandlingspringbootstarter/handler/SpringSecurityApiExceptionHandler.java b/...wimdeblauwe/errorhandlingspringbootstarter/handler/SpringSecurityApiExceptionHandler.java
@@ -8,6 +8,7 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.authentication.*;
+import org.springframework.security.authorization.AuthorizationDeniedException;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 
 import java.util.HashMap;
@@ -22,6 +23,7 @@ public class SpringSecurityApiExceptionHandler extends AbstractApiExceptionHandl
     static {
         EXCEPTION_TO_STATUS_MAPPING = new HashMap<>();
         EXCEPTION_TO_STATUS_MAPPING.put(AccessDeniedException.class, FORBIDDEN);
+        EXCEPTION_TO_STATUS_MAPPING.put(AuthorizationDeniedException.class, FORBIDDEN);
         EXCEPTION_TO_STATUS_MAPPING.put(AccountExpiredException.class, BAD_REQUEST);
         EXCEPTION_TO_STATUS_MAPPING.put(AuthenticationCredentialsNotFoundException.class, UNAUTHORIZED);
         EXCEPTION_TO_STATUS_MAPPING.put(AuthenticationServiceException.class, INTERNAL_SERVER_ERROR);

diff --git a/...ithub/wimdeblauwe/errorhandlingspringbootstarter/handler/BindApiExceptionHandlerTest.java b/...ithub/wimdeblauwe/errorhandlingspringbootstarter/handler/BindApiExceptionHandlerTest.java
@@ -129,11 +129,11 @@ void testObjectValidationWithMessageOverride(@Autowired ErrorHandlingProperties
     @Test
     @WithMockUser
     void testTopLevelCodeOverride(@Autowired ErrorHandlingProperties properties) throws Exception {
-        properties.getCodes().put("org.springframework.validation.BindException", "BIND_FAILED");
+        properties.getCodes().put("org.springframework.web.bind.MethodArgumentNotValidException", "METHOD_ARG_NOT_VALID");
         mockMvc.perform(MockMvcRequestBuilders.get("/test/field-validation")
                                               .queryParam("param1", "foo"))
                .andExpect(status().isBadRequest())
-               .andExpect(jsonPath("code").value("BIND_FAILED"))
+               .andExpect(jsonPath("code").value("METHOD_ARG_NOT_VALID"))
                .andExpect(jsonPath("fieldErrors", hasSize(1)))
                .andExpect(jsonPath("fieldErrors[0].code").value("REQUIRED_NOT_NULL"))
                .andExpect(jsonPath("fieldErrors[0].message").value("must not be null"))
@@ -146,12 +146,12 @@ void testTopLevelCodeOverride(@Autowired ErrorHandlingProperties properties) thr
     @Test
     @WithMockUser
     void testDisableAddingPath(@Autowired ErrorHandlingProperties properties) throws Exception {
-        properties.getCodes().put("org.springframework.validation.BindException", "BIND_FAILED");
+        properties.getCodes().put("org.springframework.web.bind.MethodArgumentNotValidException", "METHOD_ARG_NOT_VALID");
         properties.setAddPathToError(false);
         mockMvc.perform(MockMvcRequestBuilders.get("/test/field-validation")
                                               .queryParam("param1", "foo"))
                .andExpect(status().isBadRequest())
-               .andExpect(jsonPath("code").value("BIND_FAILED"))
+               .andExpect(jsonPath("code").value("METHOD_ARG_NOT_VALID"))
                .andExpect(jsonPath("fieldErrors", hasSize(1)))
                .andExpect(jsonPath("fieldErrors[0].code").value("REQUIRED_NOT_NULL"))
                .andExpect(jsonPath("fieldErrors[0].message").value("must not be null"))

diff --git a/...eblauwe/errorhandlingspringbootstarter/handler/SpringSecurityApiExceptionHandlerTest.java b/...eblauwe/errorhandlingspringbootstarter/handler/SpringSecurityApiExceptionHandlerTest.java
@@ -53,7 +53,7 @@ void testForbiddenViaSecuredAnnotation() throws Exception {
         mockMvc.perform(get("/test/spring-security/admin"))
                .andExpect(status().isForbidden())
                .andExpect(header().string("Content-Type", "application/json"))
-               .andExpect(jsonPath("code").value("ACCESS_DENIED"))
+               .andExpect(jsonPath("code").value("AUTHORIZATION_DENIED"))
                .andExpect(jsonPath("message").value("Access Denied"));
     }