add logging of 403 and 401 errors

packages/server/src/main/java/software/uncharted/terarium/hmiserver/models/User.java

@@ -99,7 +99,7 @@ public static boolean isDirty(final User a, final User b) {
 	 * @return
 	 */
 	private static int hash(final User user) {
-		return (user.id + user.username + user.email + user.givenName + user.familyName + user.name + user.enabled).hashCode();
+		return (user.id + user.username + user.email + user.givenName + user.familyName + user.name + user.enabled + user.roles).hashCode();
 	}
 
 	public User merge(final User other) {

packages/server/src/main/java/software/uncharted/terarium/hmiserver/security/LoggingAccessDeniedHandler.java

@@ -0,0 +1,23 @@
+package software.uncharted.terarium.hmiserver.security;
+
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.web.access.AccessDeniedHandler;
+
+import java.io.IOException;
+
+@Slf4j
+public class LoggingAccessDeniedHandler implements AccessDeniedHandler {
+		@Override
+		public void handle(final HttpServletRequest request, final HttpServletResponse response, final AccessDeniedException accessDeniedException) throws IOException, ServletException {
+				log.warn("Access Denied warning: {}", accessDeniedException.getMessage());
+				log.warn("The Denied request has the following headers:");
+				request.getHeaderNames().asIterator().forEachRemaining(headerName -> {
+						log.warn("\tHeader: {} = {}", headerName, request.getHeader(headerName));
+				});
+				response.sendError(HttpServletResponse.SC_FORBIDDEN, "Access Denied");
+		}
+}

packages/server/src/main/java/software/uncharted/terarium/hmiserver/security/LoggingAuthenticationEntryPoint.java

@@ -0,0 +1,23 @@
+package software.uncharted.terarium.hmiserver.security;
+
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+
+import java.io.IOException;
+
+@Slf4j
+public class LoggingAuthenticationEntryPoint implements AuthenticationEntryPoint {
+	@Override
+	public void commence(final HttpServletRequest request, final HttpServletResponse response, final AuthenticationException authException) throws IOException, ServletException {
+		log.warn("Unauthorized warning: {}", authException.getMessage());
+		log.warn("The Unauthorized request has the following headers:");
+		request.getHeaderNames().asIterator().forEachRemaining(headerName -> {
+			log.warn("\tHeader: {} = {}", headerName, request.getHeader(headerName));
+		});
+		response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
+	}
+}

packages/server/src/main/java/software/uncharted/terarium/hmiserver/security/SecurityConfig.java

@@ -1,5 +1,6 @@
 package software.uncharted.terarium.hmiserver.security;
 
+import lombok.RequiredArgsConstructor;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -10,12 +11,12 @@
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.core.session.SessionRegistryImpl;
+import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.access.AccessDeniedHandler;
 import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
 import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
 import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
-
-import lombok.RequiredArgsConstructor;
 import software.uncharted.terarium.hmiserver.filters.ServiceRequestFilter;
 
 @Configuration
@@ -34,13 +35,23 @@ public class SecurityConfig {
 	private final UnauthenticatedUrlRequestMatcher unauthenticatedUrlRequestMatcher;
 	private final ApplicationContext applicationContext;
 
+	@Bean
+	public AccessDeniedHandler accessDeniedHandler(){
+		return new LoggingAccessDeniedHandler();
+	}
+
+	@Bean
+	public AuthenticationEntryPoint authenticationEntryPoint(){
+		return new LoggingAuthenticationEntryPoint();
+	}
+
 	@Bean
 	protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
 		return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
 	}
 
 	@Bean
-	public SecurityFilterChain initialSecurityFilterChain(HttpSecurity http) throws Exception {
+	public SecurityFilterChain initialSecurityFilterChain(final HttpSecurity http) throws Exception {
 		http.authorizeHttpRequests((authorize) -> {
 			authorize
 					.requestMatchers(swaggerRequestMatcher).permitAll()
@@ -56,7 +67,10 @@ public SecurityFilterChain initialSecurityFilterChain(HttpSecurity http) throws
 		// authentication, we do not need to worry about CSRF.
 		http.sessionManagement(httpSecuritySessionManagementConfigurer -> httpSecuritySessionManagementConfigurer
 				.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
-				.csrf(AbstractHttpConfigurer::disable);
+				.csrf(AbstractHttpConfigurer::disable)
+				.exceptionHandling()
+					.accessDeniedHandler(accessDeniedHandler())
+					.authenticationEntryPoint(authenticationEntryPoint());
 
 		return http.build();
 	}