From 6d605f00f9ea259e719680b5e04f96ba501e3210 Mon Sep 17 00:00:00 2001
From: Art
Date: Sun, 5 Sep 2021 13:29:38 +0300
Subject: [PATCH] 32. Access denied handler (#2)
---
.../filter/JwtAccessDeniedHandler.java | 37 +++++++++++++++++++
1 file changed, 37 insertions(+)
create mode 100644 support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/filter/JwtAccessDeniedHandler.java
diff --git a/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/filter/JwtAccessDeniedHandler.java b/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/filter/JwtAccessDeniedHandler.java
new file mode 100644
index 0000000..482b343
--- /dev/null
+++ b/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/filter/JwtAccessDeniedHandler.java
@@ -0,0 +1,37 @@
+package net.shyshkin.study.fullstack.supportportal.backend.filter;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import lombok.RequiredArgsConstructor;
+import net.shyshkin.study.fullstack.supportportal.backend.constant.SecurityConstants;
+import net.shyshkin.study.fullstack.supportportal.backend.domain.HttpResponse;
+import org.springframework.http.MediaType;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.web.access.AccessDeniedHandler;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+import static org.springframework.http.HttpStatus.UNAUTHORIZED;
+
+@Component
+@RequiredArgsConstructor
+public class JwtAccessDeniedHandler implements AccessDeniedHandler {
+
+ private final ObjectMapper objectMapper;
+
+ @Override
+ public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException {
+ var httpResponse = HttpResponse.builder()
+ .httpStatus(UNAUTHORIZED)
+ .httpStatusCode(UNAUTHORIZED.value())
+ .message(SecurityConstants.ACCESS_DENIED_MESSAGE)
+ .reason(UNAUTHORIZED.getReasonPhrase().toUpperCase())
+ .build();
+ String jsonString = objectMapper.writeValueAsString(httpResponse);
+ response.setContentType(MediaType.APPLICATION_JSON_VALUE);
+ response.sendError(UNAUTHORIZED.value(), jsonString);
+ }
+}
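Review bot: `response.sendError(UNAUTHORIZED.value(), jsonString)` at the end of `handle` does not write the JSON as the response body: `sendError` hands the string to the container's error-page handling as a message and, per the servlet contract, clears the buffer and may replace the content type set on the line before. Set the status and write the body directly instead, e.g. `response.setStatus(UNAUTHORIZED.value());` followed by `objectMapper.writeValue(response.getOutputStream(), httpResponse);`. Separately, Spring Security invokes an `AccessDeniedHandler` for an authenticated caller who lacks the required authority, which conventionally maps to 403 FORBIDDEN; answering 401 makes authorization failures indistinguishable from missing or invalid tokens for clients and in access logs. If 401 is intentional here, a short Javadoc on the class saying so would help.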