+ /*
+ * This exception also happens when Spring security denies access to a method
+ * due to missing/wrong roles (granted authorities). Override the method to
+ * answer permission denied, even though that may obscure a genuine developer
+ * error.
+ *
+ * The web request that arrives here has URI /error; how to obtain the URI of
+ * the original request?!?
+ */
+ @Override
+ public final ResponseEntity<Object> handleHttpRequestMethodNotSupported(HttpRequestMethodNotSupportedException ex,
+ HttpHeaders headers, HttpStatus status, WebRequest request) {
+ log.warn("handleHttpRequestMethodNotSupported: answering 'permission denied' for method {}", ex.getMethod());
+ return new ResponseEntity<Object>(new ErrorTransport(HttpStatus.UNAUTHORIZED.value(),
+ "Permission denied for method " + ex.getMethod(), ex), HttpStatus.UNAUTHORIZED);
+ }
+