diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationCodeRequestRedirectFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationCodeRequestRedirectFilter.java
index c5c639a2e4..72e2b82919 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationCodeRequestRedirectFilter.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationCodeRequestRedirectFilter.java
@@ -15,6 +15,7 @@
 */
 package org.springframework.security.oauth2.client.web;
+import org.springframework.http.HttpStatus;
 import org.springframework.security.crypto.keygen.StringKeyGenerator;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
@@ -148,7 +149,7 @@ public class AuthorizationCodeRequestRedirectFilter extends OncePerRequestFilter
 if (logger.isDebugEnabled()) {
 logger.debug("Authorization Request failed: " + failed.toString(), failed);
 }
- response.sendError(HttpServletResponse.SC_BAD_REQUEST, failed.getMessage());
+ response.sendError(HttpStatus.BAD_REQUEST.value(), HttpStatus.BAD_REQUEST.getReasonPhrase());
 }
 private String expandRedirectUri(HttpServletRequest request, ClientRegistration clientRegistration) {
diff --git a/web/src/main/java/org/springframework/security/web/access/AccessDeniedHandlerImpl.java b/web/src/main/java/org/springframework/security/web/access/AccessDeniedHandlerImpl.java
index 84ec0b2eaa..8a6819904e 100644
--- a/web/src/main/java/org/springframework/security/web/access/AccessDeniedHandlerImpl.java
+++ b/web/src/main/java/org/springframework/security/web/access/AccessDeniedHandlerImpl.java
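Review bot: In AuthorizationCodeRequestRedirectFilter, the call that now sends `HttpStatus.BAD_REQUEST.getReasonPhrase()` has no comment saying why the exception text is withheld from the client, so a later edit could put `failed.getMessage()` back without realising it is a disclosure control. I would add `// Send only the generic reason phrase; exception detail stays in the server log` above the call. The same comment fits the sendError changes in AccessDeniedHandlerImpl, SimpleUrlAuthenticationFailureHandler, BasicAuthenticationEntryPoint and DigestAuthenticationEntryPoint. The enclosing method starts outside this hunk.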
@@ -25,6 +25,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.springframework.http.HttpStatus;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.web.WebAttributes;
@@ -65,15 +66,15 @@ public class AccessDeniedHandlerImpl implements AccessDeniedHandler {
 accessDeniedException);
 // Set the 403 status code.
- response.setStatus(HttpServletResponse.SC_FORBIDDEN);
+ response.setStatus(HttpStatus.FORBIDDEN.value());
 // forward to error page.
 RequestDispatcher dispatcher = request.getRequestDispatcher(errorPage);
 dispatcher.forward(request, response);
 }
 else {
- response.sendError(HttpServletResponse.SC_FORBIDDEN,
- accessDeniedException.getMessage());
+ response.sendError(HttpStatus.FORBIDDEN.value(),
+ HttpStatus.FORBIDDEN.getReasonPhrase());
 }
 }
 }
diff --git a/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandler.java b/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandler.java
index 64baceb6a9..2b1e5e35ec 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/SimpleUrlAuthenticationFailureHandler.java
@@ -24,6 +24,7 @@ import javax.servlet.http.HttpSession;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.springframework.http.HttpStatus;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.WebAttributes;
 import org.springframework.security.web.DefaultRedirectStrategy;
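Review bot: The error-page branch of AccessDeniedHandlerImpl still appears to hand the exception to the view. The second hunk opens on the tail of a call ending in `accessDeniedException);`, which looks like the request attribute being set before the forward; the statement starts outside the hunk, so this is inferred. Only the `sendError` branch is sanitised here, so an error page that prints that attribute's message would still show the text this commit removes from the default response. A comment above the forward such as `// errorPage must not render the exception message to the client` would record that expectation.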
@@ -74,8 +75,8 @@ public class SimpleUrlAuthenticationFailureHandler implements
 if (defaultFailureUrl == null) {
 logger.debug("No failure URL set, sending 401 Unauthorized error");
- response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
- "Authentication Failed: " + exception.getMessage());
+ response.sendError(HttpStatus.UNAUTHORIZED.value(),
+ HttpStatus.UNAUTHORIZED.getReasonPhrase());
 }
 else {
 saveException(request, exception);
diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPoint.java
index 13c054c56e..dfb847ca95 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPoint.java
@@ -22,6 +22,7 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import org.springframework.http.HttpStatus;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.beans.factory.InitializingBean;
@@ -57,8 +58,7 @@ public class BasicAuthenticationEntryPoint implements AuthenticationEntryPoint,
 public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
 response.addHeader("WWW-Authenticate", "Basic realm=\"" + realmName + "\"");
- response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
- authException.getMessage());
+ response.sendError(HttpStatus.UNAUTHORIZED.value(), HttpStatus.UNAUTHORIZED.getReasonPhrase());
 }
 public String getRealmName() {
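Review bot: In SimpleUrlAuthenticationFailureHandler the 401 branch now neither returns nor logs the failure reason. The visible `logger.debug("No failure URL set, sending 401 Unauthorized error");` does not include the exception, and until this change the response was the only place the message surfaced in this branch. Passing the exception to the logger, `logger.debug("No failure URL set, sending 401 Unauthorized error", exception);`, keeps the detail available to operators without exposing it to the client. BasicAuthenticationEntryPoint.commence, the next file's second hunk, has the same gap: its visible body contains no logging, though a caller outside this diff may already log the exception.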
diff --git a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPoint.java b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPoint.java
index abfc06d74d..cf7f4e1e39 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/www/DigestAuthenticationEntryPoint.java
@@ -27,6 +27,7 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.core.Ordered;
+import org.springframework.http.HttpStatus;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.AuthenticationEntryPoint;
@@ -109,8 +110,8 @@ public class DigestAuthenticationEntryPoint implements AuthenticationEntryPoint,
 }
 httpResponse.addHeader("WWW-Authenticate", authenticateHeader);
- httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED,
- authException.getMessage());
+ httpResponse.sendError(HttpStatus.UNAUTHORIZED.value(),
+ HttpStatus.UNAUTHORIZED.getReasonPhrase());
 }
 public String getKey() {
diff --git a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPointTests.java b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPointTests.java
index 637497da33..2e255fcacf 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPointTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/www/BasicAuthenticationEntryPointTests.java
@@ -18,6 +18,7 @@ package org.springframework.security.web.authentication.www;
 import org.junit.Test;
+import org.springframework.http.HttpStatus;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.authentication.DisabledException;
@@ -65,11 +66,10 @@ public class BasicAuthenticationEntryPointTests {
 // ep.afterPropertiesSet();
- String msg = "These are the jokes kid";
- ep.commence(request, response, new DisabledException(msg));
+ ep.commence(request, response, new DisabledException("These are the jokes kid"));
 assertThat(response.getStatus()).isEqualTo(401);
- assertThat(response.getErrorMessage()).isEqualTo(msg);
+ assertThat(response.getErrorMessage()).isEqualTo(HttpStatus.UNAUTHORIZED.getReasonPhrase());
 assertThat(response.getHeader("WWW-Authenticate"))
 .isEqualTo("Basic realm=\"hello\"");
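Review bot: Only BasicAuthenticationEntryPointTests is adjusted in the part of the diff shown here, while five production classes changed the message they send to the client. If the tests for AuthorizationCodeRequestRedirectFilter, AccessDeniedHandlerImpl, SimpleUrlAuthenticationFailureHandler and DigestAuthenticationEntryPoint are not updated elsewhere, each should gain an assertion like the one added in the second hunk here. For the access-denied handler that would be `assertThat(response.getErrorMessage()).isEqualTo(HttpStatus.FORBIDDEN.getReasonPhrase());`. Without them a regression that echoes the exception text again would pass unnoticed for those classes.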