From f7c97c108088c10e13f9100424bc76d17cd9b67e Mon Sep 17 00:00:00 2001
From: rajesh <rajeshkhoreupwork@gmail.com>
Date: Thu, 10 Oct 2024 11:56:08 -0700
Subject: [PATCH] Updated config

---
 .../tendermanagement/config/SecurityConfig.java        | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/main/java/net/gepafin/tendermanagement/config/SecurityConfig.java b/src/main/java/net/gepafin/tendermanagement/config/SecurityConfig.java
index 91424195..90c278d4 100644
--- a/src/main/java/net/gepafin/tendermanagement/config/SecurityConfig.java
+++ b/src/main/java/net/gepafin/tendermanagement/config/SecurityConfig.java
@@ -24,12 +24,12 @@ import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 import org.springframework.web.filter.CorsFilter;
 import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
 
-
 import io.swagger.v3.oas.models.Components;
 import io.swagger.v3.oas.models.OpenAPI;
 import io.swagger.v3.oas.models.security.SecurityRequirement;
 import io.swagger.v3.oas.models.security.SecurityScheme;
 import io.swagger.v3.oas.models.servers.Server;
+import jakarta.servlet.http.HttpServletResponse;
 import net.gepafin.tendermanagement.config.jwt.JWTFilter;
 import net.gepafin.tendermanagement.config.jwt.TokenProvider;
 
@@ -107,7 +107,13 @@ public class SecurityConfig {
                 .requestMatchers("/swagger-ui/**").permitAll() // Swagger docs
                 .requestMatchers("/v1/api-docs/**").permitAll() // API docs
                 .anyRequest().authenticated())
-                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED))
+                .exceptionHandling(exceptionHandling -> exceptionHandling
+                        .authenticationEntryPoint((request, response, authException) -> {
+                            // Send 403 Forbidden when there is no JWT token provided
+                            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Forbidden: Authentication token is missing or invalid");
+                        })
+                    )
                 .addFilterBefore(corsFilter(), UsernamePasswordAuthenticationFilter.class)
                 .addFilterBefore(new JWTFilter(tokenProvider), UsernamePasswordAuthenticationFilter.class)
                 // Add SAML2 login configuration (for BENEFICIARI)