problem-spring-web: Throwing AccessDeniedException creates problem with different status in version 0.23.0 vs 0.24.0

Version 0.23.0 and 0.24.0 returns different status for AccessDeniedException

Description

When AccessDeniedException is thrown in version 0.23.0, I get the following response:

{"title":"Forbidden","status":403,"detail":"Access Denied: Failed"}

When problem-spring-web is updated to version 0.24.0, the response I get is:

{"title":"Internal Server Error","status":500,"detail":"Access Denied: Failed"}

Expected Behavior

The expected response is

{"title":"Forbidden","status":403,"detail":"Access Denied: Failed"}

Actual Behavior

Actual response is

{"title":"Internal Server Error","status":500,"detail":"Access Denied: Failed"}

Steps to Reproduce

Spring Boot 2.1.5 application with spring-boot-starter-web and spring-boot-starter-security and problem-spring-web (mvc) 0.24.0
RestController containing

    @GetMapping("/fail")
    public String fail()
    {
        throw new AccessDeniedException("Access Denied: Failed");
    }

    @PreAuthorize("denyAll()")
    @GetMapping("/fail2")
    public String fail2()
    {
        return "Should not reach this part";
    }

Access the endpoint

Context

Just sticking to version 0.23.0 for now

Your Environment

Problem-Spring-Web Version used: 0.24.0
Spring Boot 2.1.5

About this issue

Original URL
State: closed
Created 5 years ago
Comments: 17

Most upvoted comments

If I have two ControllerAdvice such as

@ControllerAdvice
public class ExceptionHandler implements ProblemHandling
{
}

and

@ControllerAdvice
public class SecurityExceptionHandler implements SecurityAdviceTrait
{
}

then the Internal Error result is generated but when I only have one ControllerAdvice such as

@ControllerAdvice
public class ExceptionHandler implements ProblemHandling, SecurityAdviceTrait
{
}

I get the Forbidden result.

exst-esolis on Jun 19, 2019