Replace dynamic error message with static "Access Denied"

Closes spring-projectsgh-16514 Signed-off-by: Daeho Kwon <[email protected]>
kwondh5217 · Feb 3, 2025 · d1b72ca · d1b72ca
1 parent 6730167
commit d1b72ca
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 7 deletions.
diff --git a/...pringframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandler.java b/...pringframework/security/web/server/authorization/HttpStatusServerAccessDeniedHandler.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2017 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -54,7 +54,7 @@ public Mono<Void> handle(ServerWebExchange exchange, AccessDeniedException ex) {
 			response.setStatusCode(this.httpStatus);
 			response.getHeaders().setContentType(MediaType.TEXT_PLAIN);
 			DataBufferFactory dataBufferFactory = response.bufferFactory();
-			DataBuffer buffer = dataBufferFactory.wrap(ex.getMessage().getBytes(Charset.defaultCharset()));
+			DataBuffer buffer = dataBufferFactory.wrap("Access Denied".getBytes(Charset.defaultCharset()));
 			return response.writeWith(Mono.just(buffer)).doOnError((error) -> DataBufferUtils.release(buffer));
 		});
 	}

diff --git a/...framework/security/web/server/authorization/HttpStatusServerAccessDeniedHandlerTests.java b/...framework/security/web/server/authorization/HttpStatusServerAccessDeniedHandlerTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2017 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -23,9 +23,9 @@
 
 import org.springframework.http.HttpStatus;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
+import org.springframework.mock.http.server.reactive.MockServerHttpResponse;
 import org.springframework.mock.web.server.MockServerWebExchange;
 import org.springframework.security.access.AccessDeniedException;
-import org.springframework.web.server.ServerWebExchange;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
@@ -39,7 +39,7 @@
 public class HttpStatusServerAccessDeniedHandlerTests {
 
 	@Mock
-	private ServerWebExchange exchange;
+	private MockServerWebExchange exchange;
 
 	private HttpStatus httpStatus = HttpStatus.FORBIDDEN;
 
@@ -62,7 +62,9 @@ public void commenceWhenNoSubscribersThenNoActions() {
 	public void commenceWhenSubscribeThenStatusSet() {
 		this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
 		this.handler.handle(this.exchange, this.exception).block();
-		assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(this.httpStatus);
+		MockServerHttpResponse response = this.exchange.getResponse();
+		assertThat(response.getStatusCode()).isEqualTo(this.httpStatus);
+		assertThat(response.getBodyAsString().block()).isEqualTo("Access Denied");
 	}
 
 	@Test
@@ -71,7 +73,9 @@ public void commenceWhenCustomStatusSubscribeThenStatusSet() {
 		this.handler = new HttpStatusServerAccessDeniedHandler(this.httpStatus);
 		this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
 		this.handler.handle(this.exchange, this.exception).block();
-		assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(this.httpStatus);
+		MockServerHttpResponse response = this.exchange.getResponse();
+		assertThat(response.getStatusCode()).isEqualTo(this.httpStatus);
+		assertThat(response.getBodyAsString().block()).isEqualTo("Access Denied");
 	}
 
 }