HttpStatusServerAccessDeniedHandler write error message

9 years ago · 192776858d
3 changed files with 21 additions and 9 deletions
--- a/samples/javaconfig/hellowebflux-method/src/integration-test/java/sample/HelloWebfluxMethodApplicationITests.java
+++ b/samples/javaconfig/hellowebflux-method/src/integration-test/java/sample/HelloWebfluxMethodApplicationITests.java
@ -72,8 +72,7 @@ public class HelloWebfluxMethodApplicationITests {
				@@ -72,8 +72,7 @@ public class HelloWebfluxMethodApplicationITests {
 			.uri("/message")
 			.attributes(robsCredentials())
 			.exchange()
-			.expectStatus().isEqualTo(HttpStatus.FORBIDDEN)
-			.expectBody().isEmpty();
+			.expectStatus().isEqualTo(HttpStatus.FORBIDDEN);
 	}

 	@Test
--- a/samples/javaconfig/hellowebflux-method/src/test/java/sample/HelloWebfluxMethodApplicationTests.java
+++ b/samples/javaconfig/hellowebflux-method/src/test/java/sample/HelloWebfluxMethodApplicationTests.java
@ -77,8 +77,7 @@ public class HelloWebfluxMethodApplicationTests {
				@@ -77,8 +77,7 @@ public class HelloWebfluxMethodApplicationTests {
 			.uri("/message")
 			.attributes(robsCredentials())
 			.exchange()
-			.expectStatus().isEqualTo(HttpStatus.FORBIDDEN)
-			.expectBody().isEmpty();
+			.expectStatus().isEqualTo(HttpStatus.FORBIDDEN);
 	}

 	@Test
@ -101,8 +100,7 @@ public class HelloWebfluxMethodApplicationTests {
				@@ -101,8 +100,7 @@ public class HelloWebfluxMethodApplicationTests {
 			.get()
 			.uri("/message")
 			.exchange()
-			.expectStatus().isEqualTo(HttpStatus.FORBIDDEN)
-			.expectBody().isEmpty();
+			.expectStatus().isEqualTo(HttpStatus.FORBIDDEN);
 	}

 	@Test
@ -125,8 +123,7 @@ public class HelloWebfluxMethodApplicationTests {
				@@ -125,8 +123,7 @@ public class HelloWebfluxMethodApplicationTests {
 			.get()
 			.uri("/message")
 			.exchange()
-			.expectStatus().isEqualTo(HttpStatus.FORBIDDEN)
-			.expectBody().isEmpty();
+			.expectStatus().isEqualTo(HttpStatus.FORBIDDEN);
 	}

 	@Test
--- a/web/src/main/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandler.java
@ -16,6 +16,11 @@
				@@ -16,6 +16,11 @@

 package org.springframework.security.web.server.authorization;

+import org.springframework.core.io.buffer.DataBuffer;
+import org.springframework.core.io.buffer.DataBufferFactory;
+import org.springframework.core.io.buffer.DataBufferUtils;
+import org.springframework.http.MediaType;
+import org.springframework.http.server.reactive.ServerHttpResponse;
 import reactor.core.publisher.Mono;

 import org.springframework.http.HttpStatus;
@ -23,6 +28,8 @@ import org.springframework.security.access.AccessDeniedException;
				@@ -23,6 +28,8 @@ import org.springframework.security.access.AccessDeniedException;
 import org.springframework.util.Assert;
 import org.springframework.web.server.ServerWebExchange;

+import java.nio.charset.Charset;
+
 /**
 * Sets an HTTP Status that is provided when
 * @author Rob Winch
@ -38,6 +45,15 @@ public class HttpStatusServerAccessDeniedHandler implements ServerAccessDeniedHa
				@@ -38,6 +45,15 @@ public class HttpStatusServerAccessDeniedHandler implements ServerAccessDeniedHa

 	@Override
 	public Mono<Void> handle(ServerWebExchange exchange, AccessDeniedException e) {
-		return Mono.fromRunnable(() -> exchange.getResponse().setStatusCode(HttpStatus.FORBIDDEN));
+		return Mono.defer(() -> Mono.just(exchange.getResponse()))
+			.flatMap(response -> {
+				response.setStatusCode(HttpStatus.FORBIDDEN);
+				response.getHeaders().setContentType(MediaType.TEXT_PLAIN);
+				DataBufferFactory dataBufferFactory = response.bufferFactory();
+				DataBuffer buffer = dataBufferFactory.wrap(e.getMessage().getBytes(
+					Charset.defaultCharset()));
+				return response.writeWith(Mono.just(buffer))
+					.doOnError( error -> DataBufferUtils.release(buffer));
+		});
 	}
 }