Mrc-5901 Fix Excepion handling packit #135
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #135 +/- ##
=======================================
Coverage 97.22% 97.22%
=======================================
Files 131 131
Lines 1225 1225
Branches 339 339
=======================================
Hits 1191 1191
Misses 33 33
Partials 1 1
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
| ): SecurityFilterChain | ||
| { | ||
| httpSecurity | ||
| .cors { it.configurationSource(getCorsConfigurationSource()) } | ||
| .csrf { it.disable() } | ||
| .addFilterBefore(filterChainExceptionHandler, LogoutFilter::class.java) |
There was a problem hiding this comment.
Do we need this? I didn't think the api server had any concept of logout, the client just throws away their JWT.
There was a problem hiding this comment.
yeah its so that any errors caught in filters can be caught be ExceptionHandler... eg. tokenAuthentication.... i just decided to place this filter before LogoutFilter because it is called quite early in the filter chain
| "/role/testRole", | ||
| HttpMethod.DELETE, | ||
| getTokenizedHttpEntity(data = createTestRoleBody), | ||
| String::class.java |
There was a problem hiding this comment.
It seems to me that this operation should return a 403 permission denied, not a 401.
403 is if the request has valid credentials, but they don't have the right scopes.
401 is if the request doesn't have credentials at all, or they are invalid.
Presumably this applies to all our endpoints.
I'm not too hung up about fixing it now, but I think we should eventually.
There was a problem hiding this comment.
oh yip that is true.. yip will make a ticket for this
Dont show service user on mange pages
The following PR fixes multiple issues to do with exception handling. The following are fixed:
Testing: