refresh token unauthorize issue

src/main/java/com/iemr/common/controller/users/IEMRAdminController.java

@@ -285,8 +285,9 @@ public ResponseEntity<?> refreshToken(@RequestBody Map<String, String> request)
 				return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Unauthorized.");
 			}
 
-			if (user.getM_status() == null || !"Active".equalsIgnoreCase(user.getM_status().getStatus())) {
-				logger.warn("Token validation failed: user account is inactive or not in 'Active' status.");
+			if (user.getM_status() == null || !("Active".equalsIgnoreCase(user.getM_status().getStatus())
+					|| "New".equalsIgnoreCase(user.getM_status().getStatus()))) {
+				logger.warn("Token validation failed: user account is neither 'Active' nor 'New'.");
 				return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Unauthorized.");
 			}
 			// Generate new tokens

src/main/java/com/iemr/common/utils/JwtUserIdValidationFilter.java

@@ -169,7 +169,8 @@ private boolean shouldSkipAuthentication(String path, String contextPath) {
 				|| path.startsWith(contextPath + "/user/saveUserSecurityQuesAns")
 				|| path.startsWith(contextPath + "/user/userLogout")
 				|| path.startsWith(contextPath + "/user/validateSecurityQuestionAndAnswer")
-				|| path.startsWith(contextPath + "/user/logOutUserFromConcurrentSession");
+				|| path.startsWith(contextPath + "/user/logOutUserFromConcurrentSession")
+				|| path.startsWith(contextPath + "/user/refreshToken");
 	}
 
 	private String getJwtTokenFromCookies(HttpServletRequest request) {

src/main/java/com/iemr/common/utils/http/HTTPRequestInterceptor.java

@@ -21,7 +21,7 @@
 */
 package com.iemr.common.utils.http;
 
-
+import java.nio.charset.StandardCharsets;
 import javax.ws.rs.core.MediaType;
 
 import org.slf4j.Logger;
@@ -32,10 +32,10 @@
 import org.springframework.web.servlet.HandlerInterceptor;
 import org.springframework.web.servlet.ModelAndView;
 
-import com.iemr.common.utils.response.OutputResponse;
 import com.iemr.common.utils.sessionobject.SessionObject;
 import com.iemr.common.utils.validator.Validator;
 
+import jakarta.servlet.ServletOutputStream;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 @Configuration
@@ -125,12 +125,30 @@ public boolean preHandle(HttpServletRequest request, HttpServletResponse respons
 					break;
 				}
 			} catch (Exception e) {
-				OutputResponse output = new OutputResponse();
-				output.setError(e);
-				response.getOutputStream().print(output.toString());
-				response.setContentType(MediaType.APPLICATION_JSON);
-				response.setContentLength(output.toString().length());
-				response.setHeader("Access-Control-Allow-Origin", "*");
+				logger.error("Authorization failed: {}", e.getMessage(), e);
+
+			    String errorMessage = e.getMessage();
+			    if (errorMessage == null || errorMessage.trim().isEmpty()) {
+			        errorMessage = "Unauthorized access or session expired.";
+			    }
+
+			    String jsonErrorResponse = "{"
+			            + "\"status\": \"Unauthorized\","
+			            + "\"statusCode\": 401,"
+			            + "\"errorMessage\": \"" + errorMessage.replace("\"", "\\\"") + "\""
+			            + "}";
+
+			    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); // 401
+			    response.setContentType(MediaType.APPLICATION_JSON);
+			    response.setHeader("Access-Control-Allow-Origin", "*");
+
+			    // Better to use getBytes().length for accurate byte size
+			    byte[] responseBytes = jsonErrorResponse.getBytes(StandardCharsets.UTF_8);
+			    response.setContentLength(responseBytes.length);
+
+			    ServletOutputStream out = response.getOutputStream();
+			    out.write(responseBytes);
+			    out.flush();
 				status = false;
 			}
 		}
@@ -164,4 +182,4 @@ public void afterCompletion(HttpServletRequest request, HttpServletResponse resp
 			throws Exception {
 		logger.debug("In afterCompletion Request Completed");
 	}
-}
+}