diff --git a/src/main/kotlin/ltd/hlaeja/configuration/SecurityConfiguration.kt b/src/main/kotlin/ltd/hlaeja/configuration/SecurityConfiguration.kt
index 977bf01..71a6bc5 100644
--- a/src/main/kotlin/ltd/hlaeja/configuration/SecurityConfiguration.kt
+++ b/src/main/kotlin/ltd/hlaeja/configuration/SecurityConfiguration.kt
@@ -1,6 +1,7 @@
 package ltd.hlaeja.configuration
 
 import ltd.hlaeja.security.handler.CsrfAccessDeniedHandler
+import ltd.hlaeja.security.handler.UserAccessDeniedHandler
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
 import org.springframework.http.HttpStatus.FOUND
@@ -17,6 +18,7 @@ class SecurityConfiguration {
 @Bean
 fun securityWebFilterChain(serverHttpSecurity: ServerHttpSecurity): SecurityWebFilterChain = serverHttpSecurity
 .csrf { it.accessDeniedHandler(CsrfAccessDeniedHandler()) }
+ .exceptionHandling { it.accessDeniedHandler(UserAccessDeniedHandler()) }
 .authorizeExchange(::authorizeExchange)
 .formLogin(::formLogin)
 .logout(::logout)
diff --git a/src/main/kotlin/ltd/hlaeja/security/handler/UserAccessDeniedHandler.kt b/src/main/kotlin/ltd/hlaeja/security/handler/UserAccessDeniedHandler.kt
new file mode 100644
index 0000000..4771b44
--- /dev/null
+++ b/src/main/kotlin/ltd/hlaeja/security/handler/UserAccessDeniedHandler.kt
@@ -0,0 +1,15 @@
+package ltd.hlaeja.security.handler
+
+import org.springframework.http.HttpStatus.NOT_FOUND
+import org.springframework.security.access.AccessDeniedException
+import org.springframework.security.web.server.authorization.ServerAccessDeniedHandler
+import org.springframework.web.server.ResponseStatusException
+import org.springframework.web.server.ServerWebExchange
+import reactor.core.publisher.Mono
+
+class UserAccessDeniedHandler : ServerAccessDeniedHandler {
+ override fun handle(
+ exchange: ServerWebExchange,
+ denied: AccessDeniedException,
+ ): Mono = Mono.error(ResponseStatusException(NOT_FOUND, "Access denied ${exchange.request.path}", denied))
+}
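Review bot: The reason string in `handle` undercuts the 404 masking this handler appears to be for. `"Access denied ${exchange.request.path}"` travels with the `ResponseStatusException`, so wherever the error message is rendered (for example with `server.error.include-message` enabled, or in a custom error view) the client learns that the path exists and is protected, and the request path is echoed back. I would keep the reason generic, `Mono.error(ResponseStatusException(NOT_FOUND, null, denied))`, and record the denial server-side instead, in a log line carrying the path and the authenticated principal. Without such a log line, authorization failures look like ordinary 404s in access logs, which makes repeated probing by a logged-in user hard to detect. Because the `.exceptionHandling { ... }` line in SecurityConfiguration.kt wires this handler into the filter chain, it presumably applies to every non-CSRF access denial rather than a single route.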