Merge pull request #7259 from ORCID/lmendoza/404-redirects

cryptalith · web-flow · commit 7c47842d7b01 · 2025-03-24T18:32:21.000-06:00
404-redirects
diff --git a/orcid-web/src/main/java/org/orcid/frontend/spring/OrcidAccessDeniedHandler.java b/orcid-web/src/main/java/org/orcid/frontend/spring/OrcidAccessDeniedHandler.java
@@ -2,19 +2,26 @@
 
 import java.io.IOException;
 
+import javax.annotation.Resource;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.orcid.core.manager.impl.OrcidUrlManager;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.core.Authentication;
 import org.springframework.security.web.access.AccessDeniedHandlerImpl;
 import org.springframework.security.web.csrf.CsrfException;
 import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.security.core.context.SecurityContextHolder;
 
 public class OrcidAccessDeniedHandler extends AccessDeniedHandlerImpl {
 
+    @Resource
+    private OrcidUrlManager orcidUrlManager;
+
     private static final Logger LOGGER = LoggerFactory.getLogger(OrcidAccessDeniedHandler.class);
 
     public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException {
@@ -36,6 +43,13 @@ public void handle(HttpServletRequest request, HttpServletResponse response, Acc
             }
         }
 
+        // Check if the current user is authenticated
+        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+        if (auth != null && auth.isAuthenticated()) {
+            response.sendRedirect(orcidUrlManager.getBaseUrl() + "/404");
+            return;
+        }
+
         super.handle(request, response, accessDeniedException);
     }
 }
diff --git a/orcid-web/src/main/resources/orcid-frontend-security.xml b/orcid-web/src/main/resources/orcid-frontend-security.xml
@@ -419,9 +419,9 @@
 		<sec:intercept-url pattern="/2FA/authenticationCode.json(\?.*)?"
 			access="ROLE_USER" />
 		<sec:intercept-url pattern="/2FA/submitCode.json(\?.*)?"
-			access="ROLE_USER" />
+			access="ROLE_USER" />		
+		<sec:intercept-url pattern="/.*" method="POST" access="ROLE_USER"/>  
 
-		<sec:intercept-url pattern="/.*" access="ROLE_USER"/>
 
 		<sec:form-login login-processing-url="/signin/auth.json" authentication-details-source-ref="authenticationDetailsSource"
 						login-page="${org.orcid.core.baseUri}/signin" authentication-success-handler-ref="ajaxAuthenticationSuccessHandler"
