diff --git a/samples/javaconfig/hellowebflux-method/src/integration-test/java/sample/HelloWebfluxMethodApplicationITests.java b/samples/javaconfig/hellowebflux-method/src/integration-test/java/sample/HelloWebfluxMethodApplicationITests.java
index 6bbf2136a3..037a2ebe71 100644
--- a/samples/javaconfig/hellowebflux-method/src/integration-test/java/sample/HelloWebfluxMethodApplicationITests.java
+++ b/samples/javaconfig/hellowebflux-method/src/integration-test/java/sample/HelloWebfluxMethodApplicationITests.java
@@ -72,8 +72,7 @@ public class HelloWebfluxMethodApplicationITests {
 .uri("/message")
 .attributes(robsCredentials())
 .exchange()
- .expectStatus().isEqualTo(HttpStatus.FORBIDDEN)
- .expectBody().isEmpty();
+ .expectStatus().isEqualTo(HttpStatus.FORBIDDEN);
 }
 
 @Test
diff --git a/samples/javaconfig/hellowebflux-method/src/test/java/sample/HelloWebfluxMethodApplicationTests.java b/samples/javaconfig/hellowebflux-method/src/test/java/sample/HelloWebfluxMethodApplicationTests.java
index 92275d3d73..593880ae2d 100644
--- a/samples/javaconfig/hellowebflux-method/src/test/java/sample/HelloWebfluxMethodApplicationTests.java
+++ b/samples/javaconfig/hellowebflux-method/src/test/java/sample/HelloWebfluxMethodApplicationTests.java
@@ -77,8 +77,7 @@ public class HelloWebfluxMethodApplicationTests {
 .uri("/message")
 .attributes(robsCredentials())
 .exchange()
- .expectStatus().isEqualTo(HttpStatus.FORBIDDEN)
- .expectBody().isEmpty();
+ .expectStatus().isEqualTo(HttpStatus.FORBIDDEN);
 }
 
 @Test
@@ -101,8 +100,7 @@ public class HelloWebfluxMethodApplicationTests {
 .get()
 .uri("/message")
 .exchange()
- .expectStatus().isEqualTo(HttpStatus.FORBIDDEN)
- .expectBody().isEmpty();
+ .expectStatus().isEqualTo(HttpStatus.FORBIDDEN);
 }
 
 @Test
@@ -125,8 +123,7 @@ public class HelloWebfluxMethodApplicationTests {
 .get()
 .uri("/message")
 .exchange()
- .expectStatus().isEqualTo(HttpStatus.FORBIDDEN)
- .expectBody().isEmpty();
+ .expectStatus().isEqualTo(HttpStatus.FORBIDDEN);
 }
 
 @Test
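Review bot: With `.expectBody().isEmpty()` removed, none of these forbidden-path tests asserts anything about the 403 body, although the handler change in this same commit starts writing the exception message into it. Pin the expected text instead of dropping the check, for example `.expectBody(String.class).isEqualTo(EXPECTED_DENIED_MESSAGE);` after the status assertion, where `EXPECTED_DENIED_MESSAGE` is a placeholder for the message the sample actually produces. That way an unintended change in what is disclosed to an unauthorized caller fails the build. The same applies to the three hunks in HelloWebfluxMethodApplicationTests.java (old lines 77, 101 and 125).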
diff --git a/web/src/main/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandler.java b/web/src/main/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandler.java
index a899408331..3bc6d383df 100644
--- a/web/src/main/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandler.java
@@ -16,6 +16,11 @@
 
 package org.springframework.security.web.server.authorization;
 
+import org.springframework.core.io.buffer.DataBuffer;
+import org.springframework.core.io.buffer.DataBufferFactory;
+import org.springframework.core.io.buffer.DataBufferUtils;
+import org.springframework.http.MediaType;
+import org.springframework.http.server.reactive.ServerHttpResponse;
 import reactor.core.publisher.Mono;
 
 import org.springframework.http.HttpStatus;
@@ -23,6 +28,8 @@ import org.springframework.security.access.AccessDeniedException;
 import org.springframework.util.Assert;
 import org.springframework.web.server.ServerWebExchange;
 
+import java.nio.charset.Charset;
+
 /**
 * Sets an HTTP Status that is provided when
 * @author Rob Winch
@@ -38,6 +45,15 @@ public class HttpStatusServerAccessDeniedHandler implements ServerAccessDeniedHa
 
 @Override
 public Mono handle(ServerWebExchange exchange, AccessDeniedException e) {
- return Mono.fromRunnable(() -> exchange.getResponse().setStatusCode(HttpStatus.FORBIDDEN));
+ return Mono.defer(() -> Mono.just(exchange.getResponse()))
+ .flatMap(response -> {
+ response.setStatusCode(HttpStatus.FORBIDDEN);
+ response.getHeaders().setContentType(MediaType.TEXT_PLAIN);
+ DataBufferFactory dataBufferFactory = response.bufferFactory();
+ DataBuffer buffer = dataBufferFactory.wrap(e.getMessage().getBytes(
+ Charset.defaultCharset()));
+ return response.writeWith(Mono.just(buffer))
+ .doOnError( error -> DataBufferUtils.release(buffer));
+ });
 }
 }
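Review bot: The 403 body is now `e.getMessage()` copied verbatim to the client, so whatever text an authorization component puts into its AccessDeniedException becomes visible to the denied caller. If an exception is ever constructed with a null message, `.getBytes(...)` would throw inside the `flatMap` instead of completing the 403. Consider writing a fixed phrase, or at least guarding the null case with `String body = (e.getMessage() != null) ? e.getMessage() : HttpStatus.FORBIDDEN.getReasonPhrase();`. The bytes are encoded with `Charset.defaultCharset()` while the header is a bare `text/plain`, so the encoding depends on the host and is never declared. Using `body.getBytes(StandardCharsets.UTF_8)` together with `response.getHeaders().setContentType(new MediaType(MediaType.TEXT_PLAIN, StandardCharsets.UTF_8));` makes it deterministic.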