OZG-4939 Unauthorized error response

src/main/java/de/ozgcloud/admin/security/SecurityConfiguration.java

@@ -19,9 +19,14 @@
  */
 package de.ozgcloud.admin.security;
 
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.net.URI;
 import java.util.List;
 
-import org.apache.http.HttpHeaders;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
@@ -32,9 +37,15 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.oauth2.core.oidc.StandardClaimNames;
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.web.ErrorResponse;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.ObjectWriter;
 
 @Configuration
 @EnableMethodSecurity(securedEnabled = true)
@@ -52,12 +63,7 @@ public class SecurityConfiguration {
 		// Disable CSRF because of state-less session-management
 		http.csrf(AbstractHttpConfigurer::disable);
 
-		// Return 401 (unauthorized) instead of 302 (redirect to login) when
-		// authorization is missing or invalid
-		http.exceptionHandling(eh -> eh.authenticationEntryPoint((request, response, authException) -> {
-			response.addHeader(HttpHeaders.WWW_AUTHENTICATE, "Bearer realm=\"Restricted Content\"");
-			response.sendError(HttpStatus.UNAUTHORIZED.value(), HttpStatus.UNAUTHORIZED.getReasonPhrase());
-		}));
+		http.exceptionHandling(eh -> eh.authenticationEntryPoint(this::handleAuthenticationException));
 
 		http.authorizeHttpRequests(requests -> requests
 				.requestMatchers(HttpMethod.GET, "/api/environment").permitAll()
@@ -71,6 +77,31 @@ public class SecurityConfiguration {
 		return http.build();
 	}
 
+	private void handleAuthenticationException(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException)
+			throws IOException {
+		response.setStatus(HttpStatus.UNAUTHORIZED.value());
+		response.setContentType("application/json");
+
+		var problemDetail = getProblemDetailAsString(request.getRequestURI(), authException);
+		writeProblemDetailToBody(response.getWriter(), problemDetail);
+	}
+
+	private String getProblemDetailAsString(String requestUri, AuthenticationException authException) throws JsonProcessingException {
+		var problemDetail = ErrorResponse.builder(authException,
+				HttpStatus.UNAUTHORIZED,
+				authException.getLocalizedMessage()).build().getBody();
+		problemDetail.setInstance(URI.create(requestUri));
+
+		ObjectWriter ow = new ObjectMapper().writer().withDefaultPrettyPrinter();
+		return ow.writeValueAsString(problemDetail);
+	}
+
+	private void writeProblemDetailToBody(PrintWriter writer, String problemDetail) {
+		writer.print(problemDetail);
+		writer.flush();
+		writer.close();
+	}
+
 	@Bean
 	JwtAuthenticationConverter jwtAuthenticationConverter() {
 		var jwtConverter = new JwtAuthenticationConverter();