From 602535c173508826c805f0e1252b60fb7cbb049e Mon Sep 17 00:00:00 2001
From: Joze RIHTARSIC <Joze.RIHTARSIC@ext.ec.europa.eu>
Date: Wed, 22 Sep 2021 11:07:54 +0200
Subject: [PATCH] Update Securioty config with exception handler for "http
 basic"

---
 .../ec/edelivery/smp/config/SpringSecurityConfig.java | 11 ++++++-----
 .../smp/error/SpringSecurityExceptionHandler.java     |  6 +++---
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/config/SpringSecurityConfig.java b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/config/SpringSecurityConfig.java
index c099eae39..7032eedd8 100644
--- a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/config/SpringSecurityConfig.java
+++ b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/config/SpringSecurityConfig.java
@@ -93,12 +93,15 @@ public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
 
         httpSecurity
                 .csrf().csrfTokenRepository(csrfTokenRepository).requireCsrfProtectionMatcher(csrfURLMatcher).and()
-                .exceptionHandling().authenticationEntryPoint(new SpringSecurityExceptionHandler()).and()
-                .headers().frameOptions().deny().contentTypeOptions().and().xssProtection().xssProtectionEnabled(true).and().and()
+                .exceptionHandling()
+                .authenticationEntryPoint(new SpringSecurityExceptionHandler())
+                .accessDeniedHandler(new SpringSecurityExceptionHandler())
+                .and()
 
+                .headers().frameOptions().deny().contentTypeOptions().and().xssProtection().xssProtectionEnabled(true).and().and()
                 .addFilter(blueCoatAuthenticationFilter)
                 .addFilter(x509AuthenticationFilter)
-                .httpBasic()
+                .httpBasic().authenticationEntryPoint(new SpringSecurityExceptionHandler())
                 .and() // username
                 .anonymous().authorities(SMPAuthority.S_AUTHORITY_ANONYMOUS.getAuthority()).and()
                 .authorizeRequests().antMatchers(HttpMethod.DELETE, "/ui/rest/security/authentication").permitAll()
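Review bot: The chain now constructs three separate `new SpringSecurityExceptionHandler()` instances (the `exceptionHandling()` entry point, the `accessDeniedHandler`, and the `httpBasic()` entry point). One local declared before the chain, e.g. `SpringSecurityExceptionHandler securityExceptionHandler = new SpringSecurityExceptionHandler();`, passed to all three calls would keep the realm name and error format in a single place. Because the handler extends `BasicAuthenticationEntryPoint`, please also confirm that its access-denied path answers an authenticated but unauthorised caller with 403 and no `WWW-Authenticate` challenge; that method is not visible in this patch. A short comment above `.httpBasic()` saying why the entry point is set twice would help the next reader. The enclosing configure method starts and ends outside this hunk.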
@@ -119,8 +122,6 @@ public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
                 SMPAuthority.S_AUTHORITY_SERVICE_GROUP.getAuthority(),
                 SMPAuthority.S_AUTHORITY_SYSTEM_ADMIN.getAuthority()).and()
         ;
-
-
     }
 
     @Override
diff --git a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/error/SpringSecurityExceptionHandler.java b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/error/SpringSecurityExceptionHandler.java
index fb3fb8c41..e5d2d5bac 100644
--- a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/error/SpringSecurityExceptionHandler.java
+++ b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/error/SpringSecurityExceptionHandler.java
@@ -45,7 +45,7 @@ public class SpringSecurityExceptionHandler extends BasicAuthenticationEntryPoin
     private static final Logger log = LoggerFactory.getLogger(SpringSecurityExceptionHandler.class);
 
     public SpringSecurityExceptionHandler() {
-        this.setRealmName("any realm name");
+        this.setRealmName("SMPSecurityRealm");
     }
 
     @Override
@@ -79,8 +79,8 @@ public class SpringSecurityExceptionHandler extends BasicAuthenticationEntryPoin
 
         String errorUniqueId = ((ErrorResponse) response.getBody()).getErrorUniqueId();
         String logMsg = format("Error unique ID: %s", errorUniqueId);
-
-        log.warn(logMsg, exception);
+        log.warn("Security error:[{}] with [{}].", errorMsg, logMsg);
+        log.debug(logMsg, exception);
         return response;
     }
 
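Review bot: With the exception moved to `log.debug(logMsg, exception)`, the WARN line records only `errorMsg` and the error id, so at a typical production log level the exception type behind an authentication or access-denied failure is no longer captured. Including it keeps the event usable for monitoring without the full stack trace: `log.warn("Security error:[{}] [{}] with [{}].", exception.getClass().getSimpleName(), errorMsg, logMsg);`. `errorMsg` is defined outside this hunk; if it is built from the exception message or from request data, CR/LF should be stripped before it is logged so that a client-supplied value cannot forge extra log lines. The method body starts outside the hunk.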
-- 
GitLab