cameleer/cameleer-server
1
0
Fork 0
Code Issues 46 Pull Requests Actions Packages Projects Releases Wiki Activity

Redirect to login on expired/invalid auth
All checks were successful
CI / build (push) Successful in 1m1s
Details
CI / docker (push) Successful in 46s
Details
CI / deploy (push) Successful in 29s
Details

Browse Source 
Backend now returns 401 instead of 403 for unauthenticated requests
via HttpStatusEntryPoint. UI middleware handles both 401 and 403,
triggering token refresh and redirecting to /login on failure.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
hsiegeln
2026-03-13 17:39:29 +01:00
parent 3f98467ba5
commit 4253751ef1
2 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/SecurityConfig.java
View File

@@ -9,11 +9,14 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.cors.CorsConfiguration; import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource; import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource; import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.http.HttpStatus;
import java.util.List; import java.util.List;
/** /**
@@ -57,6 +60,9 @@ public class SecurityConfig {
).permitAll() ).permitAll()
.anyRequest().authenticated() .anyRequest().authenticated()
) )
.exceptionHandling(ex -> ex
.authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED))
)
.addFilterBefore( .addFilterBefore(
new JwtAuthenticationFilter(jwtService, registryService), new JwtAuthenticationFilter(jwtService, registryService),
UsernamePasswordAuthenticationFilter.class UsernamePasswordAuthenticationFilter.class

2
ui/src/api/client.ts
View File

@@ -23,7 +23,7 @@ const authMiddleware: Middleware = {
return request; return request;
}, },
async onResponse({ response }) { async onResponse({ response }) {
if (response.status === 401) { if (response.status === 401 || response.status === 403) {
onUnauthorized(); onUnauthorized();
} }
return response; return response;