Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-12 13:23:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Replace dynamic error message with static "Access Denied"

Browse Source 
Closes gh-16514

Signed-off-by: Daeho Kwon <trewq231@naver.com>
This commit is contained in:
Daeho Kwon 2025-02-04 03:36:59 +09:00 committed by Steve Riesenberg
parent 555fe1f147
commit 24b7287d55
2 changed files with 11 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
web/src/main/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandler.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2017 the original author or authors.
* Copyright 2002-2025 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -54,7 +54,7 @@ public class HttpStatusServerAccessDeniedHandler implements ServerAccessDeniedHa
response.setStatusCode(this.httpStatus);
response.getHeaders().setContentType(MediaType.TEXT_PLAIN);
DataBufferFactory dataBufferFactory = response.bufferFactory();
DataBuffer buffer = dataBufferFactory.wrap(ex.getMessage().getBytes(Charset.defaultCharset()));
DataBuffer buffer = dataBufferFactory.wrap("Access Denied".getBytes(Charset.defaultCharset()));
return response.writeWith(Mono.just(buffer)).doOnError((error) -> DataBufferUtils.release(buffer));
});
}

14
web/src/test/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandlerTests.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2017 the original author or authors.
* Copyright 2002-2025 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -23,9 +23,9 @@ import org.mockito.junit.jupiter.MockitoExtension;
import org.springframework.http.HttpStatus;
import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
import org.springframework.mock.http.server.reactive.MockServerHttpResponse;
import org.springframework.mock.web.server.MockServerWebExchange;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.web.server.ServerWebExchange;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
@ -39,7 +39,7 @@ import static org.mockito.Mockito.verifyNoMoreInteractions;
public class HttpStatusServerAccessDeniedHandlerTests {
@Mock
private ServerWebExchange exchange;
private MockServerWebExchange exchange;
private HttpStatus httpStatus = HttpStatus.FORBIDDEN;
@ -62,7 +62,9 @@ public class HttpStatusServerAccessDeniedHandlerTests {
public void commenceWhenSubscribeThenStatusSet() {
this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
this.handler.handle(this.exchange, this.exception).block();
assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(this.httpStatus);
MockServerHttpResponse response = this.exchange.getResponse();
assertThat(response.getStatusCode()).isEqualTo(this.httpStatus);
assertThat(response.getBodyAsString().block()).isEqualTo("Access Denied");
}
@Test
@ -71,7 +73,9 @@ public class HttpStatusServerAccessDeniedHandlerTests {
this.handler = new HttpStatusServerAccessDeniedHandler(this.httpStatus);
this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
this.handler.handle(this.exchange, this.exception).block();
assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(this.httpStatus);
MockServerHttpResponse response = this.exchange.getResponse();
assertThat(response.getStatusCode()).isEqualTo(this.httpStatus);
assertThat(response.getBodyAsString().block()).isEqualTo("Access Denied");
}
}