diff --git a/src/main/java/org/cbioportal/service/exception/AccessForbiddenException.java b/src/main/java/org/cbioportal/service/exception/AccessForbiddenException.java
new file mode 100644
index 00000000000..d9dd8b64bd5
--- /dev/null
+++ b/src/main/java/org/cbioportal/service/exception/AccessForbiddenException.java
@@ -0,0 +1,7 @@
+package org.cbioportal.service.exception;
+
+public class AccessForbiddenException extends RuntimeException {
+ public AccessForbiddenException(String message) {
+ super(message);
+ }
+}
diff --git a/src/main/java/org/cbioportal/web/PublicVirtualStudiesController.java b/src/main/java/org/cbioportal/web/PublicVirtualStudiesController.java
index ca9d416ded2..f7d0eff1195 100644
--- a/src/main/java/org/cbioportal/web/PublicVirtualStudiesController.java
+++ b/src/main/java/org/cbioportal/web/PublicVirtualStudiesController.java
@@ -6,6 +6,7 @@
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
 import org.cbioportal.security.VirtualStudyPermissionService;
 import org.cbioportal.service.CancerTypeService;
+import org.cbioportal.service.exception.AccessForbiddenException;
 import org.cbioportal.service.exception.CancerTypeNotFoundException;
 import org.cbioportal.service.util.SessionServiceRequestHandler;
 import org.cbioportal.web.parameter.VirtualStudy;
@@ -94,7 +95,7 @@ public ResponseEntity publishVirtualStudyData(
 ) {
 if (requiredPublisherApiKey.isBlank()
 || !requiredPublisherApiKey.equals(providedPublisherApiKey)) {
- return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED);
+ throw new AccessForbiddenException("The provided publisher API key is not correct.");
 }
 VirtualStudyData virtualStudyDataToPublish = makeCopyForPublishing(virtualStudyData);
 if (typeOfCancerId != null) {
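Review bot: The key check guarding the new `throw` in publishVirtualStudyData compares the configured secret with the request-supplied value using `String.equals`, which returns at the first differing character, so response time can vary with how much of the key matched; a constant-time comparison such as `MessageDigest.isEqual` over the UTF-8 bytes is the usual choice for a shared secret. The same check and throw are repeated verbatim in the @@ -130 and @@ -166 hunks (publishVirtualStudy and retractVirtualStudy), so moving them into one private helper keeps the three endpoints from drifting apart. All three method bodies start and end outside their hunks, and whether the header value can be null is not visible here, so the sketch below guards for it. It needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imported.

```java
// … unchanged: publishVirtualStudyData signature and parameters …
) {
    ensurePublisherApiKeyMatches(providedPublisherApiKey);
    // … unchanged: rest of publishVirtualStudyData …

// New private helper, also called from publishVirtualStudy and retractVirtualStudy.
private void ensurePublisherApiKeyMatches(String providedPublisherApiKey) {
    // Constant-time comparison: timing must not depend on how many leading characters matched.
    boolean matches = providedPublisherApiKey != null
        && !requiredPublisherApiKey.isBlank()
        && MessageDigest.isEqual(
            requiredPublisherApiKey.getBytes(StandardCharsets.UTF_8),
            providedPublisherApiKey.getBytes(StandardCharsets.UTF_8));
    if (!matches) {
        throw new AccessForbiddenException("The provided publisher API key is not correct.");
    }
}
```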
@@ -130,7 +131,7 @@ public ResponseEntity publishVirtualStudy(
 ) {
 if (requiredPublisherApiKey.isBlank()
 || !requiredPublisherApiKey.equals(providedPublisherApiKey)) {
- return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED);
+ throw new AccessForbiddenException("The provided publisher API key is not correct.");
 }
 ResponseEntity responseEntity = getVirtualStudyById(id);
 HttpStatusCode statusCode = responseEntity.getStatusCode();
@@ -166,7 +167,7 @@ public ResponseEntity retractVirtualStudy(
 ) {
 if (requiredPublisherApiKey.isBlank()
 || !requiredPublisherApiKey.equals(providedPublisherApiKey)) {
- return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED);
+ throw new AccessForbiddenException("The provided publisher API key is not correct.");
 }
 ResponseEntity responseEntity = getVirtualStudyById(id);
 HttpStatusCode statusCode = responseEntity.getStatusCode();
diff --git a/src/main/java/org/cbioportal/web/error/GlobalExceptionHandler.java b/src/main/java/org/cbioportal/web/error/GlobalExceptionHandler.java
index 75bc5c55e6e..9ddb93aaf70 100644
--- a/src/main/java/org/cbioportal/web/error/GlobalExceptionHandler.java
+++ b/src/main/java/org/cbioportal/web/error/GlobalExceptionHandler.java
@@ -162,6 +162,12 @@ public ResponseEntity handleDataAccessTokenProhibitedUserExceptio
 return new ResponseEntity<>(response, HttpStatus.UNAUTHORIZED);
 }

+ @ExceptionHandler(AccessForbiddenException.class)
+ public ResponseEntity handleAccessForbiddenException() {
+ ErrorResponse response = new ErrorResponse("The access is forbidden.");
+ return new ResponseEntity<>(response, HttpStatus.UNAUTHORIZED);
+ }
+
 @ExceptionHandler(TokenNotFoundException.class)
 public ResponseEntity handleTokenNotFoundException() {
 ErrorResponse response = new ErrorResponse("Specified token cannot be found");
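Review bot: handleAccessForbiddenException answers with `HttpStatus.UNAUTHORIZED`, while the exception name and the response text ("The access is forbidden.") both say forbidden, so clients and log readers get two different signals. Either return `HttpStatus.FORBIDDEN`, or, if 401 is kept on purpose so existing publisher clients see the same status as before, state that in a comment above the handler, e.g. `// 401 kept deliberately: matches the status these endpoints returned before AccessForbiddenException`. The handler also takes no exception argument, so the message set at the throw site is dropped. Not echoing it to the caller is reasonable, but accepting the exception and logging its message at warn level would leave operators a record of rejected publisher-key attempts. Whether this class already has a logger in scope is not visible in the hunk.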