Return 401 for admin access without permission

2026-03-03 18:40:46 +08:00 · 2025-06-30 20:20:27 +08:00
parent 219d2aea7a
commit 82d29dc7cd
2 changed files with 28 additions and 0 deletions
--- a/src/main/java/com/openisle/config/CustomAccessDeniedHandler.java
+++ b/src/main/java/com/openisle/config/CustomAccessDeniedHandler.java
@@ -0,0 +1,25 @@
+package com.openisle.config;
+
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.web.access.AccessDeniedHandler;
+import org.springframework.stereotype.Component;
+
+import java.io.IOException;
+
+/**
+ * Returns 401 Unauthorized when an authenticated user lacks required privileges.
+ */
+@Component
+public class CustomAccessDeniedHandler implements AccessDeniedHandler {
+    @Override
+    public void handle(HttpServletRequest request,
+                       HttpServletResponse response,
+                       AccessDeniedException accessDeniedException) throws IOException, ServletException {
+        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+        response.setContentType("application/json");
+        response.getWriter().write("{\"error\": \"Unauthorized\"}");
+    }
+}