problem-spring-web: Throwing AccessDeniedException creates problem with different status in version 0.23.0 vs 0.24.0
Version 0.23.0 and 0.24.0 returns different status for AccessDeniedException
Description
When AccessDeniedException is thrown in version 0.23.0, I get the following response:
{"title":"Forbidden","status":403,"detail":"Access Denied: Failed"}
When problem-spring-web is updated to version 0.24.0, the response I get is:
{"title":"Internal Server Error","status":500,"detail":"Access Denied: Failed"}
Expected Behavior
The expected response is
{"title":"Forbidden","status":403,"detail":"Access Denied: Failed"}
Actual Behavior
Actual response is
{"title":"Internal Server Error","status":500,"detail":"Access Denied: Failed"}
Steps to Reproduce
- Spring Boot 2.1.5 application with spring-boot-starter-web and spring-boot-starter-security and problem-spring-web (mvc) 0.24.0
- RestController containing
@GetMapping("/fail")
public String fail()
{
throw new AccessDeniedException("Access Denied: Failed");
}
@PreAuthorize("denyAll()")
@GetMapping("/fail2")
public String fail2()
{
return "Should not reach this part";
}
- Access the endpoint
Context
Just sticking to version 0.23.0 for now
Your Environment
- Problem-Spring-Web Version used: 0.24.0
- Spring Boot 2.1.5
About this issue
- Original URL
- State: closed
- Created 5 years ago
- Comments: 17
If I have two ControllerAdvice such as
and
then the Internal Error result is generated but when I only have one ControllerAdvice such as
I get the Forbidden result.