Class GlobalSecurityExceptionHandler

java.lang.Object
com.app.controller.exceptionsHandler.GlobalSecurityExceptionHandler

@RestControllerAdvice public class GlobalSecurityExceptionHandler extends Object
Global exception handler for security and authentication related exceptions. Handles JWT exceptions, authentication failures, access denial, and account status issues, returning appropriate HTTP statuses and messages.
  • Constructor Details

    • GlobalSecurityExceptionHandler

      public GlobalSecurityExceptionHandler()
  • Method Details

    • unauthorizedException

      @ExceptionHandler({io.jsonwebtoken.ExpiredJwtException.class, io.jsonwebtoken.MalformedJwtException.class, io.jsonwebtoken.UnsupportedJwtException.class, SignatureException.class}) @ResponseStatus(UNAUTHORIZED) public ResponseDto<String> unauthorizedException(Exception e)
      Handles invalid or expired JWT token exceptions. Returns HTTP 401 UNAUTHORIZED with a message indicating that the token is invalid.
      Parameters:
      e - the exception indicating JWT token error
      Returns:
      response containing authentication failure message
    • handleAuthenticationException

      @ExceptionHandler({org.springframework.security.authentication.BadCredentialsException.class, org.springframework.security.authentication.AuthenticationCredentialsNotFoundException.class, org.springframework.security.authentication.AuthenticationServiceException.class}) @ResponseStatus(UNAUTHORIZED) public ResponseDto<String> handleAuthenticationException(org.springframework.security.core.AuthenticationException e)
      Handles general authentication failures such as bad credentials, missing credentials, or authentication service errors. Returns HTTP 401 UNAUTHORIZED.
      Parameters:
      e - the authentication exception
      Returns:
      response indicating authentication failure
    • handleAccessDenied

      @ExceptionHandler(org.springframework.security.access.AccessDeniedException.class) @ResponseStatus(FORBIDDEN) public ResponseDto<String> handleAccessDenied(org.springframework.security.access.AccessDeniedException e)
      Handles access denied exceptions when authenticated users try to access resources without sufficient permissions. Returns HTTP 403 FORBIDDEN.
      Parameters:
      e - the access denied exception
      Returns:
      response indicating access is denied
    • handleAccountStatusExceptions

      @ExceptionHandler({org.springframework.security.authentication.DisabledException.class, org.springframework.security.authentication.LockedException.class, org.springframework.security.authentication.AccountExpiredException.class, org.springframework.security.authentication.CredentialsExpiredException.class}) @ResponseStatus(FORBIDDEN) public ResponseDto<String> handleAccountStatusExceptions(org.springframework.security.core.AuthenticationException e)
      Handles exceptions related to user account status such as disabled, locked, expired accounts, or expired credentials. Returns HTTP 403 FORBIDDEN.
      Parameters:
      e - the authentication exception related to account status
      Returns:
      response indicating an account issue
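A @RestControllerAdvice only sees exceptions raised while the DispatcherServlet invokes a handler; a JWT that fails parsing inside a servlet filter never reaches unauthorizedException unless the filter forwards it. The filter below is an added example, not part of this project's code: it assumes a hypothetical JwtService that validates the token and populates the SecurityContext, the jakarta servlet API of Spring 6, and the HandlerExceptionResolver bean that Spring MVC registers under the name handlerExceptionResolver.

```java
package com.app.security; // hypothetical package

import java.io.IOException;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import io.jsonwebtoken.JwtException;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.servlet.HandlerExceptionResolver;

@Component
public class JwtAuthenticationFilter extends OncePerRequestFilter {

    private final HandlerExceptionResolver resolver;
    private final JwtService jwtService; // hypothetical: validates the token and sets the SecurityContext

    public JwtAuthenticationFilter(@Qualifier("handlerExceptionResolver") HandlerExceptionResolver resolver,
                                   JwtService jwtService) {
        this.resolver = resolver;
        this.jwtService = jwtService;
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        String header = request.getHeader("Authorization");
        if (header == null || !header.startsWith("Bearer ")) {
            // No bearer token: continue anonymously and let the authorization rules decide.
            chain.doFilter(request, response);
            return;
        }
        try {
            // ExpiredJwtException, MalformedJwtException, UnsupportedJwtException and the
            // jjwt SignatureException all extend JwtException, so one catch covers them.
            jwtService.authenticate(header.substring("Bearer ".length()));
        } catch (JwtException ex) {
            // Route the failure through Spring MVC so GlobalSecurityExceptionHandler.unauthorizedException
            // builds the 401 ResponseDto; otherwise the container would emit its own 500 page.
            resolver.resolveException(request, response, null, ex);
            return; // a rejected token must not continue down the chain
        }
        chain.doFilter(request, response);
    }
}
```

Keep chain.doFilter outside the try block so that exceptions from downstream filters or controllers are not silently mapped to 401.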