Return 401 when JWT auth fails

2026-02-21 14:30:59 +08:00 · 2025-06-30 18:54:22 +08:00
parent 17d4af229d
commit 150ef6148e
1 changed files with 10 additions and 1 deletions
--- a/src/main/java/com/openisle/config/SecurityConfig.java
+++ b/src/main/java/com/openisle/config/SecurityConfig.java
@@ -82,8 +82,17 @@ public class SecurityConfig {
                        UserDetails userDetails = userDetailsService().loadUserByUsername(username);
                        UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
                        org.springframework.security.core.context.SecurityContextHolder.getContext().setAuthentication(authToken);
-                    } catch (Exception ignored) {
+                    } catch (Exception e) {
+                        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+                        response.setContentType("application/json");
+                        response.getWriter().write("{\"error\": \"Invalid or expired token\"}");
+                        return;
                    }
+                } else if (!request.getRequestURI().startsWith("/api/auth")) {
+                    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+                    response.setContentType("application/json");
+                    response.getWriter().write("{\"error\": \"Missing token\"}");
+                    return;
                }
                filterChain.doFilter(request, response);
            }