hlaeja-old/hlaeja-management
6
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

add UserAccessDeniedHandler make 404 on 401

Browse Source
This commit is contained in:
Mr. Swordsteel
2025-07-31 22:46:45 +02:00
committed by swordsteel
parent eeebec01b5
commit a3c2733d0b
2 changed files with 17 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/main/kotlin/ltd/hlaeja/configuration/SecurityConfiguration.kt
View File

@@ -1,6 +1,7 @@
package ltd.hlaeja.configuration
import ltd.hlaeja.security.handler.CsrfAccessDeniedHandler
import ltd.hlaeja.security.handler.UserAccessDeniedHandler
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.http.HttpStatus.FOUND
@@ -17,6 +18,7 @@ class SecurityConfiguration {
@Bean
fun securityWebFilterChain(serverHttpSecurity: ServerHttpSecurity): SecurityWebFilterChain = serverHttpSecurity
.csrf { it.accessDeniedHandler(CsrfAccessDeniedHandler()) }
.exceptionHandling { it.accessDeniedHandler(UserAccessDeniedHandler()) }
.authorizeExchange(::authorizeExchange)
.formLogin(::formLogin)
.logout(::logout)

15
src/main/kotlin/ltd/hlaeja/security/handler/UserAccessDeniedHandler.kt Normal file
View File

@@ -0,0 +1,15 @@
package ltd.hlaeja.security.handler
import org.springframework.http.HttpStatus.NOT_FOUND
import org.springframework.security.access.AccessDeniedException
import org.springframework.security.web.server.authorization.ServerAccessDeniedHandler
import org.springframework.web.server.ResponseStatusException
import org.springframework.web.server.ServerWebExchange
import reactor.core.publisher.Mono
class UserAccessDeniedHandler : ServerAccessDeniedHandler {
override fun handle(
exchange: ServerWebExchange,
denied: AccessDeniedException,
): Mono<Void> = Mono.error(ResponseStatusException(NOT_FOUND, "Access denied ${exchange.request.path}", denied))
}