Merge pull request #10590 from cBioPortal/feature/Add-Api-401-Back
🔒 Add 401 response when not authorized exception is thrown instead of redirect
haynescd authored Feb 1, 2024
2 parents 24c65b9 + 67dbdcb commit 5dcd3b7
Showing 1 changed file with 7 additions and 2 deletions.
Expand Up @@ -8,14 +8,17 @@
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.lang.Nullable;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
import org.springframework.security.web.context.SecurityContextPersistenceFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

@Configuration
@ConditionalOnProperty(name = "authenticate", havingValue = {"false", "noauthsessionservice", "optional_oauth2"}, isNot = true)
Expand All @@ -40,8 +43,10 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http, @Nullable Data
.anyRequest().authenticated()
)
.sessionManagement(sessionManagement -> sessionManagement.sessionFixation().migrateSession())
.exceptionHandling(exceptionHandling -> exceptionHandling
.authenticationEntryPoint(restAuthenticationEntryPoint())
.exceptionHandling(eh ->
eh.defaultAuthenticationEntryPointFor(
new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED), AntPathRequestMatcher.antMatcher("/api/**")
)
);
// When dat.method is not 'none' and a tokenService bean is present,
// the apiTokenAuthenticationFilter is added to the filter chain.
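Review bot: The `/api/**` matcher passed to `defaultAuthenticationEntryPointFor` only narrows the 401 if another configurer on this chain also registers an entry point; as far as I recall, when it is the sole mapping Spring Security uses it for every request and never consults the matcher. The rest of `securityFilterChain` lies outside the hunk, so which case applies cannot be seen here. It is worth pinning with a test that an unauthenticated `/api/...` request returns 401 and that a non-API path still gets the intended response. `HttpStatusEntryPoint` also sets only the status, so the 401 carries no `WWW-Authenticate` challenge; if token clients depend on that header, a custom entry point is needed. A comment above `.exceptionHandling(...)` such as `// API callers get a bare 401 instead of a login redirect; non-API paths keep the chain's other entry point` would record the intent.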