1515import org .springframework .http .HttpStatus ;
1616import org .springframework .http .ResponseEntity ;
1717import org .springframework .security .access .AccessDeniedException ;
18+ import org .springframework .util .StringUtils ;
1819import org .springframework .web .bind .annotation .RequestMapping ;
1920import org .springframework .web .bind .annotation .ResponseStatus ;
2021import org .springframework .web .bind .annotation .RestController ;
2122import org .springframework .web .context .request .ServletWebRequest ;
2223import org .springframework .web .context .request .WebRequest ;
2324import org .springframework .web .servlet .resource .NoResourceFoundException ;
2425
26+ import java .util .Base64 ;
2527import java .util .Map ;
2628
2729import static org .springframework .http .HttpStatus .*;
@@ -56,8 +58,14 @@ public ResponseEntity<Map<String, Object>> error(HttpServletRequest request) {
5658 HttpStatus statusCode ;
5759
5860 if (error == null ) {
59- statusCode = result .containsKey ("status" ) && (int ) result .get ("status" ) != 999 ?
60- HttpStatus .valueOf ((int ) result .get ("status" )) : INTERNAL_SERVER_ERROR ;
61+ if ("Unauthorized" .equalsIgnoreCase ((String ) result .get ("error" ))) {
62+ statusCode = HttpStatus .UNAUTHORIZED ;
63+ this .handleAuthorizationException (request , result );
64+ } else {
65+ statusCode = result .containsKey ("status" ) && (int ) result .get ("status" ) != 999 ?
66+ HttpStatus .valueOf ((int ) result .get ("status" )) : INTERNAL_SERVER_ERROR ;
67+
68+ }
6169 } else {
6270 if (!(error instanceof NotFoundException || error instanceof NoResourceFoundException )) {
6371 boolean logStackTrace = !(error instanceof UserRestrictionException || error instanceof invite .exception .RemoteException );
@@ -75,4 +83,35 @@ public ResponseEntity<Map<String, Object>> error(HttpServletRequest request) {
7583 return ResponseEntity .status (statusCode ).body (result );
7684 }
7785
86+ private void handleAuthorizationException (HttpServletRequest request , Map <String , Object > result ) {
87+ String remoteIp = request .getHeader ("X-Forwarded-For" );
88+ if (StringUtils .hasText (remoteIp )) {
89+ remoteIp = remoteIp .split ("," )[0 ].trim (); // first entry is the originating client
90+ } else {
91+ remoteIp = request .getRemoteAddr ();
92+ }
93+
94+ String username = null ;
95+ String authHeader = request .getHeader ("Authorization" );
96+ if (StringUtils .hasText (authHeader ) && authHeader .startsWith ("Basic " )) {
97+ String encoded = authHeader .substring (6 );
98+ String decoded = new String (Base64 .getDecoder ().decode (encoded ));
99+ username = decoded .split (":" , 2 )[0 ];
100+ }
101+
102+ String method = request .getMethod ();
103+ String fullPath ;
104+ if (result .containsKey ("path" )) {
105+ fullPath = (String ) result .get ("path" );
106+ } else {
107+ String path = request .getRequestURI ();
108+ String query = request .getQueryString ();
109+ fullPath = query != null ? path + "?" + query : path ;
110+ }
111+
112+ LOG .warn (String .format ("Authentication error: ip=%s, user=%s, method=%s, path=%s" ,
113+ remoteIp , username , method , fullPath
114+ ));
115+ }
116+
78117}
0 commit comments