Return 401 for auth failures and log verify

2026-01-26 21:36:22 +05:30
parent 7ec8d6d350
commit 2c337b8709
2 changed files with 10 additions and 0 deletions
--- a/src/main/kotlin/com/android/trisolarisserver/security/SecurityConfig.kt
+++ b/src/main/kotlin/com/android/trisolarisserver/security/SecurityConfig.kt
@@ -7,6 +7,8 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.http.SessionCreationPolicy
 import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
+import org.springframework.security.web.authentication.HttpStatusEntryPoint
+import org.springframework.http.HttpStatus

@Configuration(proxyBeanMethods = false)
@EnableMethodSecurity
@@ -22,6 +24,12 @@ class SecurityConfig(
                it.requestMatchers("/", "/health", "/auth/**").permitAll()
                it.anyRequest().authenticated()
            }
+            .exceptionHandling {
+                it.authenticationEntryPoint(HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED))
+                it.accessDeniedHandler { _, response, _ ->
+                    response.sendError(HttpStatus.UNAUTHORIZED.value(), "Unauthorized")
+                }
+            }
            .httpBasic { it.disable() }
            .formLogin { it.disable() }
            .addFilterBefore(firebaseAuthFilter, UsernamePasswordAuthenticationFilter::class.java)