diff --git a/src/main/java/app/mealsmadeeasy/api/recipe/RecipeController.java b/src/main/java/app/mealsmadeeasy/api/recipe/RecipeController.java
index a12a37c..0cc3879 100644
--- a/src/main/java/app/mealsmadeeasy/api/recipe/RecipeController.java
+++ b/src/main/java/app/mealsmadeeasy/api/recipe/RecipeController.java
@@ -24,7 +24,7 @@ public class RecipeController {
 this.recipeService = recipeService;
 }
 
- @ExceptionHandler
+ @ExceptionHandler(RecipeException.class)
 public ResponseEntity onRecipeException(RecipeException recipeException) {
 final HttpStatus status = switch (recipeException.getType()) {
 case INVALID_ID, INVALID_USERNAME_OR_SLUG -> HttpStatus.NOT_FOUND;
diff --git a/src/main/java/app/mealsmadeeasy/api/security/JwtFilter.java b/src/main/java/app/mealsmadeeasy/api/security/JwtFilter.java
index 44a7302..53c8c19 100644
--- a/src/main/java/app/mealsmadeeasy/api/security/JwtFilter.java
+++ b/src/main/java/app/mealsmadeeasy/api/security/JwtFilter.java
@@ -1,10 +1,14 @@
 package app.mealsmadeeasy.api.security;
 
 import app.mealsmadeeasy.api.jwt.JwtService;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import io.jsonwebtoken.security.SecurityException;
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.http.HttpHeaders;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
@@ -21,12 +25,16 @@ import java.io.IOException;
 @Component
 public final class JwtFilter extends OncePerRequestFilter {
 
+ private static final Logger logger = LoggerFactory.getLogger(JwtFilter.class);
+
 private final UserDetailsService userDetailsService;
 private final JwtService jwtService;
+ private final ObjectMapper objectMapper;
 
- public JwtFilter(UserDetailsService userDetailsService, JwtService jwtService) {
+ public JwtFilter(UserDetailsService userDetailsService, JwtService jwtService, ObjectMapper objectMapper) {
 this.userDetailsService = userDetailsService;
 this.jwtService = jwtService;
+ this.objectMapper = objectMapper;
 }
 
 @Override
@@ -38,10 +46,18 @@ public final class JwtFilter extends OncePerRequestFilter {
 return;
 }
 
- if (authorizationHeader.startsWith("Bearer ")
- && authorizationHeader.length() > 7) {
+ if (authorizationHeader.startsWith("Bearer ") && authorizationHeader.length() > 7) {
 final String token = authorizationHeader.substring(7);
- final String username = this.jwtService.getSubject(token);
+ final String username;
+ try {
+ username = this.jwtService.getSubject(token);
+ } catch (SecurityException e) {
+ logger.error("Error while getting username from token.", e);
+ final SecurityExceptionView view = new SecurityExceptionView(401, e.getMessage());
+ response.setStatus(401);
+ response.getWriter().write(this.objectMapper.writeValueAsString(view));
+ return;
+ }
 final UserDetails userDetails = this.userDetailsService.loadUserByUsername(username);
 final var authenticationToken = new UsernamePasswordAuthenticationToken(
 userDetails,
diff --git a/src/main/java/app/mealsmadeeasy/api/security/SecurityExceptionView.java b/src/main/java/app/mealsmadeeasy/api/security/SecurityExceptionView.java
new file mode 100644
index 0000000..bef2d5a
--- /dev/null
+++ b/src/main/java/app/mealsmadeeasy/api/security/SecurityExceptionView.java
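Review bot: The catch in the new try block only covers io.jsonwebtoken.security.SecurityException, so — assuming getSubject parses with JJWT, as that import suggests — an expired, malformed or unsupported token throws a different JwtException subclass, escapes the handler and surfaces as a 500 from the filter chain, which runs before RecipeController's @ExceptionHandler can see it. The body also echoes e.getMessage() from the parser straight to the client and logs every rejected token at ERROR with a full stack trace; the parser's text can describe the signature or claim mismatch in detail and belongs in the server log only, while the client should receive a fixed message such as "Invalid or expired token." and the log entry can drop to WARN without the trace. The JSON is written with no content type or charset, so it goes out with the container default; setting application/json and UTF-8 before getWriter() fixes that, and HttpServletResponse.SC_UNAUTHORIZED replaces the two literal 401s. Catching io.jsonwebtoken.JwtException and using MediaType need an import for each (org.springframework.http.MediaType is not yet imported) in the import hunk above. doFilterInternal starts and ends outside this hunk.
```java
            final String token = authorizationHeader.substring(7);
            final String username;
            try {
                username = this.jwtService.getSubject(token);
            } catch (JwtException e) {
                // Parser details (expired, malformed, bad signature) stay in the server log;
                // the client only learns that the token was rejected.
                logger.warn("Rejected bearer token: {}", e.getMessage());
                final SecurityExceptionView view = new SecurityExceptionView(
                        HttpServletResponse.SC_UNAUTHORIZED, "Invalid or expired token.");
                response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
                response.setContentType(MediaType.APPLICATION_JSON_VALUE);
                response.setCharacterEncoding("UTF-8");
                response.getWriter().write(this.objectMapper.writeValueAsString(view));
                return;
            }
            // … unchanged: load UserDetails and populate the SecurityContext …
```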
@@ -0,0 +1,21 @@
+package app.mealsmadeeasy.api.security;
+
+public class SecurityExceptionView {
+
+ private final int status;
+ private final String message;
+
+ public SecurityExceptionView(int status, String message) {
+ this.status = status;
+ this.message = message;
+ }
+
+ public int getStatus() {
+ return this.status;
+ }
+
+ public String getMessage() {
+ return this.message;
+ }
+
+}
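Review bot: SecurityExceptionView has no class Javadoc, and nothing states that it exists to be serialized by the ObjectMapper through its two getters into the body JwtFilter writes on a rejected token; a one-line `/** JSON body written by JwtFilter when a bearer token is rejected; serialized via the getters. */` above the class would tell the next reader why the accessors are there and that renaming them changes the wire format. If the project targets Java 16 or newer (the switch expression and var in the other hunks point to a recent level, but the build file is not in this diff), the whole class collapses to `public record SecurityExceptionView(int status, String message) {}`, which Jackson 2.12+ serializes to the same status and message property names.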