Return JSON error if user hasn't rights

JujaLabs / itevents

Resource to subscribe on it events

Apache License 2.0

7 stars 5 forks source link

Return JSON error if user hasn't rights #197

Closed romach closed 8 years ago

romach commented 8 years ago

JSON error should be returned if user hasn't admin rights (for example if enter /admin**, /users/*/events as subscriber). This issue was creatd while task #130 execution.

witjem commented 8 years ago

Spring Security return Status = 401 Error; message = Unauthorized; body = After that server (tomcat, jetty) generate own Response Body. If we wanna get JSON error message into Response Body we have to create own error Handler @romach do you agree? @AndriyBaibak: 1:30

romach commented 8 years ago

@roma-ilnitsky as I know when user hasn't rights to enter /admin**:

Spring Security generates AccessDeniedException;
using ExceptionTranslationFilter it delegates this exception to AccessDeniedHandlerImpl.
so, we need to create custom AccessDeniedHandler;

witjem commented 8 years ago

@romach I change RestAuthenticationEntryPoint it's work fine )