This is an automated email from the ASF dual-hosted git repository. ilgrosso pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/syncope.git
commit 87f61fda823b365263960a8612adc66a14b97f1c
Author: Francesco Chicchiriccò <[email protected]>
AuthorDate: Fri Mar 20 12:05:37 2026 +0100
Managing Spring Security's AuthorizationDeniedException
---
.../syncope/core/rest/cxf/RestServiceExceptionMapper.java | 10 ++++++++--
.../apache/syncope/ext/scimv2/cxf/SCIMExceptionMapper.java | 11 +++++++++--
2 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/core/idrepo/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/RestServiceExceptionMapper.java b/core/idrepo/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/RestServiceExceptionMapper.java
index 0a7077989f..69c5577f67 100644
--- a/core/idrepo/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/RestServiceExceptionMapper.java
+++ b/core/idrepo/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/RestServiceExceptionMapper.java
@@ -59,6 +59,7 @@ import org.springframework.core.env.Environment;
 import org.springframework.dao.DataIntegrityViolationException;
 import org.springframework.dao.UncategorizedDataAccessException;
 import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.authorization.AuthorizationDeniedException;
 import org.springframework.transaction.TransactionSystemException;
 
 @Provider
@@ -121,8 +122,13 @@ public class RestServiceExceptionMapper implements ExceptionMapper<Exception> {
 ResponseBuilder builder;
 
 if (ex instanceof AccessDeniedException) {
- // leaves the default exception processing to Spring Security
- builder = null;
+ if (ex instanceof AuthorizationDeniedException ade) {
+ builder = Response.status(Response.Status.FORBIDDEN).
+ header(RESTHeaders.ERROR_INFO, ade.getMessage());
+ } else {
+ // leaves the default exception processing to Spring Security
+ builder = null;
+ }
 } else if (ex instanceof SyncopeClientException sce) {
 builder = sce.isComposite()
 ? getSyncopeClientCompositeExceptionResponse(sce.asComposite())
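Review bot: The new FORBIDDEN branch puts `ade.getMessage()` verbatim into the `RESTHeaders.ERROR_INFO` header, so whatever text the failing AuthorizationManager placed in the AuthorizationDeniedException reaches the client; Spring Security's built-in method interceptors use a fixed "Access Denied" message as far as I know, but a custom manager could include rule or role details, and a message containing CR/LF is not a valid header value. Either constrain it (e.g. `header(RESTHeaders.ERROR_INFO, Response.Status.FORBIDDEN.getReasonPhrase())`) or document the assumption on the branch: `// AuthorizationDeniedException comes from method security; its message is expected to be the generic "Access Denied"`. Note also that building a Response here presumably means these denials no longer reach Spring Security's AccessDeniedHandler, unlike the plain AccessDeniedException case kept in the else branch, which is a behaviour change worth stating in the comment if intended. The same block is added in SCIMExceptionMapper (hunk `@@ -90,8 +92,13 @@`), where the 403 carries no `SCIMError` entity unlike the neighbouring NotFoundException branch, although SCIM clients expect the error schema on error responses. The enclosing method starts and ends outside the hunk.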
diff --git a/ext/scimv2/scim-rest-cxf/src/main/java/org/apache/syncope/ext/scimv2/cxf/SCIMExceptionMapper.java b/ext/scimv2/scim-rest-cxf/src/main/java/org/apache/syncope/ext/scimv2/cxf/SCIMExceptionMapper.java
index 3ae55fbd6c..01a9904fd4 100644
--- a/ext/scimv2/scim-rest-cxf/src/main/java/org/apache/syncope/ext/scimv2/cxf/SCIMExceptionMapper.java
+++ b/ext/scimv2/scim-rest-cxf/src/main/java/org/apache/syncope/ext/scimv2/cxf/SCIMExceptionMapper.java
@@ -32,6 +32,7 @@ import org.apache.commons.lang3.exception.ExceptionUtils;
 import org.apache.syncope.common.lib.SyncopeClientException;
 import org.apache.syncope.common.lib.types.ClientExceptionType;
 import org.apache.syncope.common.lib.types.EntityViolationType;
+import org.apache.syncope.common.rest.api.RESTHeaders;
 import org.apache.syncope.core.persistence.api.attrvalue.InvalidEntityException;
 import org.apache.syncope.core.persistence.api.attrvalue.ParsingValidationException;
 import org.apache.syncope.core.persistence.api.dao.DuplicateException;
@@ -48,6 +49,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.dao.DataIntegrityViolationException;
 import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.authorization.AuthorizationDeniedException;
 import org.springframework.transaction.TransactionSystemException;
 
 @Provider
@@ -90,8 +92,13 @@ public class SCIMExceptionMapper implements ExceptionMapper<Exception> { || ex instanceof ForbiddenException || ex instanceof NotAuthorizedException) { - // leaves the default exception processing - builder = null; + if (ex instanceof AuthorizationDeniedException ade) { + builder = Response.status(Response.Status.FORBIDDEN). + header(RESTHeaders.ERROR_INFO, ade.getMessage()); + } else { + // leaves the default exception processing to Spring Security + builder = null; + } } else if (ex instanceof NotFoundException) { return Response.status(Response.Status.NOT_FOUND).entity(new SCIMError(null, Response.Status.NOT_FOUND.getStatusCode(), ExceptionUtils.getRootCauseMessage(ex))).
