when accessing api without AUTH_TOKEN 403 is returned

754240d4 · Piotr Gawron · 1e7ea43f · 754240d4
Commit 754240d4 authored 7 years ago by Piotr Gawron
--- a/rest-api/src/main/java/lcsb/mapviewer/api/BaseController.java
+++ b/rest-api/src/main/java/lcsb/mapviewer/api/BaseController.java
@@ -7,6 +7,7 @@ import org.apache.log4j.Logger;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.ServletRequestBindingException;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.context.request.WebRequest;

@@ -15,6 +16,8 @@ import com.fasterxml.jackson.databind.JsonMappingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.node.ObjectNode;

+import lcsb.mapviewer.common.Configuration;
+
 public abstract class BaseController {
 	private Logger			 logger	= Logger.getLogger(BaseController.class);

@@ -29,6 +32,8 @@ public abstract class BaseController {
 		} else if (e instanceof QueryException) {
 			return new ResponseEntity<Object>(
 					"{\"error\" : \"Query server error.\",\"reason\":\"" + e.getMessage() + "\"}", new HttpHeaders(), HttpStatus.BAD_REQUEST);
+		} else if (e instanceof ServletRequestBindingException && e.getMessage().indexOf(Configuration.AUTH_TOKEN) >= 0) {
+			return new ResponseEntity<Object>("{\"error\" : \"Access denied.\",\"reason\":\"" + e.getMessage() + "\"}", new HttpHeaders(), HttpStatus.FORBIDDEN);
 		} else {
 			logger.error(e, e);
 			return new ResponseEntity<Object>(