MME-20 Move access-denied exception handler and fix security config.

src/main/java/app/mealsmadeeasy/api/image/ImageController.java

@@ -8,17 +8,13 @@ import app.mealsmadeeasy.api.image.view.ImageView;
 import app.mealsmadeeasy.api.sliceview.SliceViewService;
 import app.mealsmadeeasy.api.user.User;
 import app.mealsmadeeasy.api.user.UserService;
-import app.mealsmadeeasy.api.util.AccessDeniedView;
 import app.mealsmadeeasy.api.util.ResourceExistsView;
 import lombok.RequiredArgsConstructor;
 import org.springframework.core.io.InputStreamResource;
 import org.springframework.data.domain.Pageable;
 import org.springframework.data.domain.Slice;
-import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
-import org.springframework.security.access.AccessDeniedException;
-import org.springframework.security.authorization.AuthorizationDeniedException;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
@@ -40,19 +36,6 @@ public class ImageController {
     private final ImageUpdateBodyToSpecConverter imageUpdateBodyToSpecConverter;
     private final SliceViewService sliceViewService;
 
-    @ExceptionHandler
-    public ResponseEntity<AccessDeniedView> onAccessDenied(AccessDeniedException e) {
-        if (e instanceof AuthorizationDeniedException) {
-            return ResponseEntity.status(HttpStatus.FORBIDDEN)
-                    .contentType(MediaType.APPLICATION_JSON)
-                    .body(new AccessDeniedView(HttpStatus.FORBIDDEN.value(), e.getMessage()));
-        } else {
-            return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
-                    .contentType(MediaType.APPLICATION_JSON)
-                    .body(new AccessDeniedView(HttpStatus.UNAUTHORIZED.value(), e.getMessage()));
-        }
-    }
-
     @GetMapping
     public ResponseEntity<Object> getOwnedImages(
             @AuthenticationPrincipal User principal,

src/main/java/app/mealsmadeeasy/api/security/SecurityConfiguration.java

@@ -46,6 +46,7 @@ public class SecurityConfiguration {
             this.endpointAuthConfigurators.forEach(endpointAuthConfigurator -> {
                 endpointAuthConfigurator.configure(requests);
             });
+            requests.requestMatchers("/error").permitAll();
         });
         httpSecurity.csrf(AbstractHttpConfigurer::disable);
         httpSecurity.cors(Customizer.withDefaults());

src/main/java/app/mealsmadeeasy/api/util/ExceptionHandlers.java

@@ -1,7 +1,10 @@
 package app.mealsmadeeasy.api.util;
 
 import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.authorization.AuthorizationDeniedException;
 import org.springframework.web.bind.annotation.ControllerAdvice;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 
@@ -70,4 +73,17 @@ public class ExceptionHandlers {
         ));
     }
 
+    @ExceptionHandler(AccessDeniedException.class)
+    public ResponseEntity<AccessDeniedView> onAccessDenied(AccessDeniedException e) {
+        if (e instanceof AuthorizationDeniedException) {
+            return ResponseEntity.status(HttpStatus.FORBIDDEN)
+                    .contentType(MediaType.APPLICATION_JSON)
+                    .body(new AccessDeniedView(HttpStatus.FORBIDDEN.value(), e.getMessage()));
+        } else {
+            return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
+                    .contentType(MediaType.APPLICATION_JSON)
+                    .body(new AccessDeniedView(HttpStatus.UNAUTHORIZED.value(), e.getMessage()));
+        }
+    }
+
 }