diff --git a/codiki-exposition/src/main/java/org/codiki/exposition/configuration/GlobalControllerExceptionHandler.java b/codiki-exposition/src/main/java/org/codiki/exposition/configuration/GlobalControllerExceptionHandler.java
index fd04a1c..b39f56b 100644
--- a/codiki-exposition/src/main/java/org/codiki/exposition/configuration/GlobalControllerExceptionHandler.java
+++ b/codiki-exposition/src/main/java/org/codiki/exposition/configuration/GlobalControllerExceptionHandler.java
@@ -2,7 +2,6 @@ package org.codiki.exposition.configuration;
 import static org.springframework.http.HttpStatus.BAD_REQUEST;
 import static org.springframework.http.HttpStatus.FORBIDDEN;
-import static org.springframework.http.HttpStatus.INTERNAL_SERVER_ERROR;
 import static org.springframework.http.HttpStatus.NOT_FOUND;
 import static org.springframework.http.HttpStatus.UNAUTHORIZED;
 import org.codiki.domain.category.exception.CategoryDeletionException;
@@ -17,82 +16,52 @@ import org.codiki.domain.picture.exception.PictureUploadException;
 import org.codiki.domain.publication.exception.PublicationEditionException;
 import org.codiki.domain.publication.exception.PublicationNotFoundException;
 import org.codiki.domain.publication.exception.PublicationUpdateForbiddenException;
-import org.springframework.web.bind.annotation.ControllerAdvice;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ProblemDetail;
 import org.springframework.web.bind.annotation.ExceptionHandler;
-import org.springframework.web.bind.annotation.ResponseStatus;
+import org.springframework.web.bind.annotation.RestControllerAdvice;
+import org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler;
-@ControllerAdvice
-public class GlobalControllerExceptionHandler {
-
- @ResponseStatus(BAD_REQUEST)
- @ExceptionHandler(LoginFailureException.class)
- public void handleLoginFailureException() {
- // Do nothing.
+@RestControllerAdvice
+public class GlobalControllerExceptionHandler extends ResponseEntityExceptionHandler {
+ @ExceptionHandler({
+ CategoryDeletionException.class,
+ CategoryEditionException.class,
+ CategoryNotFoundException.class,
+ LoginFailureException.class,
+ PublicationEditionException.class,
+ PictureUploadException.class
+ })
+ public ProblemDetail handleBadRequestExceptions(Exception exception) {
+ return buildProblemDetail(BAD_REQUEST, exception);
 }
- @ResponseStatus(NOT_FOUND)
- @ExceptionHandler(UserDoesNotExistException.class)
- public void handleUserDoesNotExistException() {
- // Do nothing.
+ @ExceptionHandler({
+ UserDoesNotExistException.class,
+ RefreshTokenDoesNotExistException.class,
+ PublicationNotFoundException.class,
+ PictureNotFoundException.class
+ })
+ public ProblemDetail handleNotFoundExceptions(Exception exception) {
+ return buildProblemDetail(NOT_FOUND, exception);
 }
- @ResponseStatus(NOT_FOUND)
- @ExceptionHandler(RefreshTokenDoesNotExistException.class)
- public void handleRefreshTokenDoesNotExistException() {
- // Do nothing.
+ @ExceptionHandler({
+ RefreshTokenExpiredException.class
+ })
+ public ProblemDetail handleUnauthorizedExceptions(Exception exception) {
+ return buildProblemDetail(UNAUTHORIZED, exception);
 }
- @ResponseStatus(UNAUTHORIZED)
- @ExceptionHandler(RefreshTokenExpiredException.class)
- public void handleRefreshTokenExpiredException() {
- // Do nothing.
+ @ExceptionHandler({
+ PublicationUpdateForbiddenException.class
+ })
+ public ProblemDetail handleForbiddenExceptions(Exception exception) {
+ return buildProblemDetail(FORBIDDEN, exception);
 }
- @ResponseStatus(BAD_REQUEST)
- @ExceptionHandler(CategoryNotFoundException.class)
- public void handleCategoryNotFoundException() {
- // Do nothing.
+ private static ProblemDetail buildProblemDetail(HttpStatus forbidden, Exception exception) {
+ return ProblemDetail.forStatusAndDetail(forbidden, exception.getMessage());
 }
- @ResponseStatus(BAD_REQUEST)
- @ExceptionHandler(PublicationEditionException.class)
- public void handlePublicationEditionException() {
- // Do nothing.
- }
-
- @ResponseStatus(NOT_FOUND)
- @ExceptionHandler(PublicationNotFoundException.class)
- public void handlePublicationNotFoundException() {
- // Do nothing.
- }
-
- @ResponseStatus(FORBIDDEN)
- @ExceptionHandler(PublicationUpdateForbiddenException.class)
- public void handlePublicationUpdateForbiddenException() {
- // Do nothing.
- }
-
- @ResponseStatus(BAD_REQUEST)
- @ExceptionHandler(CategoryEditionException.class)
- public void handleCategoryEditionException() {
- // Do nothing.
- }
-
- @ResponseStatus(BAD_REQUEST)
- @ExceptionHandler(CategoryDeletionException.class)
- public void handleCategoryDeletionException() {
- // Do nothing.
- }
-
- @ResponseStatus(BAD_REQUEST)
- @ExceptionHandler(PictureUploadException.class)
- public void handlePictureUploadException() {
- // Do nothing.
- }
-
- @ResponseStatus(NOT_FOUND)
- @ExceptionHandler(PictureNotFoundException.class)
- public void handlePictureNotFoundException() {
- // Do nothing.
- }
 }
diff --git a/codiki-exposition/src/main/java/org/codiki/exposition/configuration/security/SecurityConfiguration.java b/codiki-exposition/src/main/java/org/codiki/exposition/configuration/security/SecurityConfiguration.java
index 72f9322..40e93f7 100644
--- a/codiki-exposition/src/main/java/org/codiki/exposition/configuration/security/SecurityConfiguration.java
+++ b/codiki-exposition/src/main/java/org/codiki/exposition/configuration/security/SecurityConfiguration.java
@@ -6,6 +6,7 @@ import static org.springframework.http.HttpMethod.OPTIONS;
 import static org.springframework.http.HttpMethod.POST;
 import static org.springframework.http.HttpMethod.PUT;
 import static org.springframework.security.config.http.SessionCreationPolicy.STATELESS;
+import org.codiki.domain.user.model.UserRole;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.Customizer;
@@ -55,15 +56,15 @@ public class SecurityConfiguration {
 .requestMatchers(
 POST,
 "/api/categories"
- ).hasRole("ADMIN")
+ ).hasRole(UserRole.ADMIN.name())
 .requestMatchers(
 PUT,
 "/api/categories/{categoryId}"
- ).hasRole("ADMIN")
+ ).hasRole(UserRole.ADMIN.name())
 .requestMatchers(
 DELETE,
 "/api/categories/{categoryId}"
- ).hasRole("ADMIN")
+ ).hasRole(UserRole.ADMIN.name())
 .requestMatchers(OPTIONS).permitAll()
 .anyRequest().authenticated()
 );
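Review bot: `buildProblemDetail` copies `exception.getMessage()` into the `detail` field of the response for every mapped exception, whereas the `@ResponseStatus` handlers it replaces returned an empty body, so clients now receive whatever text the domain layer put into the exception; each message should be checked for being safe to expose before this merges, the `LoginFailureException`, `UserDoesNotExistException` and `RefreshToken*` cases first, since a message that differs by cause would let a caller tell those situations apart. Where a message is not written for clients, return a fixed detail instead, e.g. `ProblemDetail.forStatusAndDetail(status, status.getReasonPhrase())`, and log the original message server-side. The helper's parameter is named `forbidden` although all four handlers pass their own status through it; rename it, `private static ProblemDetail buildProblemDetail(HttpStatus status, Exception exception)`. `getMessage()` can be null for an exception built without a message, which presumably yields a problem with no `detail`; a short comment stating that this is intended would help the next reader.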
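Review bot: The three `hasRole(UserRole.ADMIN.name())` lines tie the authorization rule to the enum constant's name, and `hasRole` still prepends `ROLE_` when building the authority it compares against, so the rule only matches if the authorities granted at login are `ROLE_` followed by that same name, which this hunk cannot show. A comment at the first occurrence would make the coupling visible, e.g. `// hasRole() prefixes "ROLE_"; UserRole constants must match the granted authorities without that prefix`. With the literal gone, renaming the enum constant would change the matching rule without a compile error, so a test that an admin token reaches these endpoints and a non-admin token is refused is worth adding alongside this change. The enclosing bean method starts and ends outside the hunk.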