Return JSON error if user hasn't rights
Closed this issue · 3 comments
romach commented
JSON error should be returned if user hasn't admin rights (for example if enter /admin**
, /users/*/events
as subscriber
).
This issue was creatd while task #130 execution.
witjem commented
Spring Security return
Status = 401 Error; message = Unauthorized; body =
After that server (tomcat, jetty) generate own Response Body.
If we wanna get JSON error message into Response Body we have to create own error Handler
@romach do you agree?
@AndriyBaibak: 1:30
romach commented
@roma-ilnitsky as I know when user hasn't rights to enter /admin**
:
- Spring Security generates
AccessDeniedException
; - using
ExceptionTranslationFilter
it delegates this exception toAccessDeniedHandlerImpl
. - so, we need to create custom
AccessDeniedHandler
;