fixed empty body on Unauthorized response error for SEB

anhefti · anhefti · commit 3cb1172ef81f · 2025-01-28T12:59:30.000+01:00
diff --git a/src/main/java/ch/ethz/seb/sps/server/weblayer/WebConfig.java b/src/main/java/ch/ethz/seb/sps/server/weblayer/WebConfig.java
@@ -20,6 +20,7 @@
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import org.apache.catalina.filters.RemoteIpFilter;
+import org.apache.http.HttpHeaders;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.context.annotation.Bean;
@@ -118,8 +119,17 @@ public void commence(
                 final AuthenticationException authenticationException) throws IOException {
 
             log.warn("{}: Unauthorized Request on: {}", name, request.getRequestURI());
-
+            String bearerTokenHeader = request.getHeader(HttpHeaders.AUTHORIZATION);
+            if (bearerTokenHeader != null) {
+                bearerTokenHeader = bearerTokenHeader.replace("Bearer ", "");
+            }
             response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+            String errorMsg = "{\n" +
+                    "  \"error\": \"invalid_token\",\n" +
+                    "  \"error_description\": \"Invalid access token: "+ bearerTokenHeader +"\"\n" +
+                    "}";
+            
+            response.getOutputStream().print(errorMsg);
             response.flushBuffer();
         }
     }
