fix(oracle-api): #2253 return 403 when user is not authorized (#2280)

MCatherine1994 · web-flow · commit d6016d7cec57 · 2025-12-31T11:20:50.000-08:00
diff --git a/frontend/src/App.tsx b/frontend/src/App.tsx
@@ -101,7 +101,7 @@ const App: React.FC = () => {
   }, [signed, selectedClientRoles]);
 
   const handleRedirectTo403 = () => {
-    browserRouter.navigate('/403');
+    browserRouter.navigate(ROUTES.FOUR_OH_THREE);
   };
 
   return (
diff --git a/oracle-api/src/main/java/ca/bc/gov/oracleapi/interceptor/RoleAccessInterceptor.java b/oracle-api/src/main/java/ca/bc/gov/oracleapi/interceptor/RoleAccessInterceptor.java
@@ -47,7 +47,7 @@ public boolean preHandle(
 
     boolean allowed = matchUserRoleWithResourceRoles(rolesRequired, userRoles);
     if (!allowed) {
-      response.setStatus(HttpStatus.UNAUTHORIZED.value());
+      response.setStatus(HttpStatus.FORBIDDEN.value());
     }
 
     return allowed;

Original file line number	Diff line number	Diff line change
`@@ -47,7 +47,7 @@ public boolean preHandle(`
`47`	`47`
`48`	`48`	`boolean allowed = matchUserRoleWithResourceRoles(rolesRequired, userRoles);`
`49`	`49`	`if (!allowed) {`
`50`		`- response.setStatus(HttpStatus.UNAUTHORIZED.value());`
	`50`	`+ response.setStatus(HttpStatus.FORBIDDEN.value());`
`51`	`51`	`}`
`52`	`52`
`53`	`53`	`return allowed;`