X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=webapp-backend%2Fsrc%2Fmain%2Fjava%2Forg%2Foransc%2Fric%2Fportal%2Fdashboard%2Fcontroller%2FCustomResponseEntityExceptionHandler.java;h=b1ac2e8fdb90bfef7bc643024789603cc79a7ba5;hb=3f812ea25d352ec33d07f5ffa4c2aa2a77e8e793;hp=062d04fe3d34b64e3aa225d08802717848149b5e;hpb=de17870a15d4ad8bd12828c27950aa681165413b;p=portal%2Fric-dashboard.git
diff --git a/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/controller/CustomResponseEntityExceptionHandler.java b/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/controller/CustomResponseEntityExceptionHandler.java
index 062d04fe..b1ac2e8f 100644
--- a/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/controller/CustomResponseEntityExceptionHandler.java
+++ b/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/controller/CustomResponseEntityExceptionHandler.java
@@ -24,8 +24,10 @@ import java.lang.invoke.MethodHandles;
 import org.oransc.ric.portal.dashboard.model.ErrorTransport;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.web.HttpRequestMethodNotSupportedException;
 import org.springframework.web.bind.annotation.ControllerAdvice;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.client.HttpStatusCodeException;
@@ -55,25 +57,45 @@ public class CustomResponseEntityExceptionHandler extends ResponseEntityExceptio
 // Superclass has "logger" that is exposed here, so use a different name
 private static final Logger log = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
- /**
+ /*
 * Generates the response when a REST controller method takes an
- * HttpStatusCodeException. Confusingly, the container first redirects to /error
- * which invokes the
- * {@link org.oransc.ric.portal.dashboard.controller.SimpleErrorController}
- * method, and that response arrives here as the response body.
+ * HttpStatusCodeException.
+ *
+ * It appears that the container internally redirects to /error because the web
+ * request that arrives here has URI /error, and {@link
+ * org.oransc.ric.portal.dashboard.controller.SimpleErrorController} runs before
+ * this.
+ *
+ * @param ex The exception
+ *
+ * @param request The original request
 *
- * @param ex
- * The exception
- * @param request
- * The orignal request
 * @return A response entity with status code 502 plus some details in the body.
 */
 @ExceptionHandler(HttpStatusCodeException.class)
 public final ResponseEntity handleHttpStatusCodeException(HttpStatusCodeException ex, WebRequest request) {
- log.warn("Request {} failed, status code {}", request.getDescription(false), ex.getStatusCode());
+ log.warn("handleHttpStatusCodeException: request {}, status code {}", request.getDescription(false),
+ ex.getStatusCode());
 return new ResponseEntity<>(new ErrorTransport(ex.getRawStatusCode(), ex.getResponseBodyAsString(), ex), HttpStatus.BAD_GATEWAY);
 }
+ /*
+ * This exception also happens when Spring security denies access to a method
+ * due to missing/wrong roles (granted authorities). Override the method to
+ * answer permission denied, even though that may obscure a genuine developer
+ * error.
+ *
+ * The web request that arrives here has URI /error; how to obtain the URI of
+ * the original request?!?
+ */
+ @Override
+ public final ResponseEntity handleHttpRequestMethodNotSupported(HttpRequestMethodNotSupportedException ex,
+ HttpHeaders headers, HttpStatus status, WebRequest request) {
+ log.warn("handleHttpRequestMethodNotSupported: answering 'permission denied' for method {}", ex.getMethod());
+ return new ResponseEntity(new ErrorTransport(HttpStatus.UNAUTHORIZED.value(),
+ "Permission denied for method " + ex.getMethod(), ex), HttpStatus.UNAUTHORIZED);
+ }
+
 }
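Review bot: The new `handleHttpRequestMethodNotSupported` override answers every `HttpRequestMethodNotSupportedException` with 401 and "Permission denied", so a genuine wrong-verb request can no longer be told apart from an authorization failure in responses or logs. It also drops the `Allow` header the superclass handler would set, and an authenticated caller who merely lacks a role gets 401 where 403 is the accurate status. Since the comment attributes the denial to Spring Security, it would be more reliable to answer it at that layer (an `AccessDeniedHandler` returning 403) and reduce this method to `return super.handleHttpRequestMethodNotSupported(ex, headers, status, request);`. On the open question in the comment, after a servlet error forward the original URI is normally available as a request attribute, e.g. `request.getAttribute("javax.servlet.error.request_uri", RequestAttributes.SCOPE_REQUEST)`, which would also make both `log.warn` lines useful for tracing denied requests. Passing `ex` into `ErrorTransport` may expose exception detail to the client depending on how that class is serialized (not visible here), and `new ResponseEntity(...)` is a raw type where the sibling handler uses `<>`.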