401 instead of 403 with Spring Boot 2










6















With Spring Boot 1.5.6.RELEASE I was able to send HTTP Status code 401 instead of 403 as described in How let spring security response unauthorized(http 401 code) if requesting uri without authentication, by doing this:



public class SecurityConfig extends WebSecurityConfigurerAdapter 

 @Override
 protected void configure(HttpSecurity http) throws Exception 
 //...
 http.exceptionHandling()
 .authenticationEntryPoint(new Http401AuthenticationEntryPoint("myHeader"));
 //...



using the org.springframework.boot.autoconfigure.security.Http401AuthenticationEntryPoint class.



I just upgraded to Spring Boot 2.0.0.RELEASE and found there is not such class any more (at least in that package).



Q:
Does this class (Http401AuthenticationEntryPoint) exist yet in Spring Boot? If no, what could be a good alternative for keeping the same behavior in an existing project in order to keep consistency with other implementations which depend on this status code (401) instead of 403?






java spring spring-boot spring-security







share|improve this question




























    6















    With Spring Boot 1.5.6.RELEASE I was able to send HTTP Status code 401 instead of 403 as described in How let spring security response unauthorized(http 401 code) if requesting uri without authentication, by doing this:



    public class SecurityConfig extends WebSecurityConfigurerAdapter 

     @Override
     protected void configure(HttpSecurity http) throws Exception 
     //...
     http.exceptionHandling()
     .authenticationEntryPoint(new Http401AuthenticationEntryPoint("myHeader"));
     //...



    using the org.springframework.boot.autoconfigure.security.Http401AuthenticationEntryPoint class.



    I just upgraded to Spring Boot 2.0.0.RELEASE and found there is not such class any more (at least in that package).



    Q:
    Does this class (Http401AuthenticationEntryPoint) exist yet in Spring Boot? If no, what could be a good alternative for keeping the same behavior in an existing project in order to keep consistency with other implementations which depend on this status code (401) instead of 403?






    java spring spring-boot spring-security







    share|improve this question


























      6












      6








      6


      2






      With Spring Boot 1.5.6.RELEASE I was able to send HTTP Status code 401 instead of 403 as described in How let spring security response unauthorized(http 401 code) if requesting uri without authentication, by doing this:



      public class SecurityConfig extends WebSecurityConfigurerAdapter 

       @Override
       protected void configure(HttpSecurity http) throws Exception 
       //...
       http.exceptionHandling()
       .authenticationEntryPoint(new Http401AuthenticationEntryPoint("myHeader"));
       //...



      using the org.springframework.boot.autoconfigure.security.Http401AuthenticationEntryPoint class.



      I just upgraded to Spring Boot 2.0.0.RELEASE and found there is not such class any more (at least in that package).



      Q:
      Does this class (Http401AuthenticationEntryPoint) exist yet in Spring Boot? If no, what could be a good alternative for keeping the same behavior in an existing project in order to keep consistency with other implementations which depend on this status code (401) instead of 403?






      java spring spring-boot spring-security







      share|improve this question
















      With Spring Boot 1.5.6.RELEASE I was able to send HTTP Status code 401 instead of 403 as described in How let spring security response unauthorized(http 401 code) if requesting uri without authentication, by doing this:



      public class SecurityConfig extends WebSecurityConfigurerAdapter 

       @Override
       protected void configure(HttpSecurity http) throws Exception 
       //...
       http.exceptionHandling()
       .authenticationEntryPoint(new Http401AuthenticationEntryPoint("myHeader"));
       //...



      using the org.springframework.boot.autoconfigure.security.Http401AuthenticationEntryPoint class.



      I just upgraded to Spring Boot 2.0.0.RELEASE and found there is not such class any more (at least in that package).



      Q:
      Does this class (Http401AuthenticationEntryPoint) exist yet in Spring Boot? If no, what could be a good alternative for keeping the same behavior in an existing project in order to keep consistency with other implementations which depend on this status code (401) instead of 403?






      java spring spring-boot spring-security




      java spring spring-boot spring-security






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Oct 25 '18 at 12:54







      lealceldeiro

















      asked Mar 12 '18 at 17:40









      lealceldeirolealceldeiro

      6,56031543




      6,56031543






















          4 Answers
          4






          active

          oldest

          votes


















          10














          The class org.springframework.boot.autoconfigure.security.Http401AuthenticationEntryPoint was removed in favor of org.springframework.security.web.authentication.HttpStatusEntryPoint.



          In my case the code would go like this:



          public class SecurityConfig extends WebSecurityConfigurerAdapter 

           @Override
           protected void configure(HttpSecurity http) throws Exception 
           //...
           http.exceptionHandling()
           .authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED));
           //...






          share|improve this answer

























          • Now bad credential requests are returning 401, but empty-body response. Also, unauthorized requests, which should return 403, are also returning 401 with empty-body response.

            – Nelio Alves
            Mar 26 '18 at 17:49











          • Thanks, @NelioAlves, I didn't know that. In order to keep consistency with a legacy code I Implemented it. I guess, then it might not be necessary after all if this (401) is the default behavior. Do you have any reference about this so I can link it in the answer?

            – lealceldeiro
            Mar 26 '18 at 18:17



















          2














          Http401AuthenticationEntryPoint was removed, see 10715:




          Remove Http401AuthenticationEntryPoint



          rwinch commented on 20 Oct 2017

          As far as I can tell it is not being used in the Spring Boot code base, so it might be good to remove Http401AuthenticationEntryPoint.




          Depending on your requirements, you could use:



          • HttpStatusEntryPoint

          • BasicAuthenticationEntryPoint





          share|improve this answer


















          • 1





            Thanks, very useful link from spring boot git repo. In the answer I provided future readers can see how I used HttpStatusEntryPoint according to my requirements.

            – lealceldeiro
            Oct 17 '18 at 14:59



















          0














          Just to elaborate @lealceldeiro's answer:



          Before Spring Boot 2 my Securiy Configuration class looked like this:



          @Configuration
          public class MyConfig extends WebSecurityConfigurerAdapter 

           @Bean
           public Http401AuthenticationEntryPoint securityException401EntryPoint() 
           return new Http401AuthenticationEntryPoint("Bearer realm="webrealm"");
           

           @Autowired
           private Http401AuthenticationEntryPoint authEntrypoint;

           @Override
           protected void configure(HttpSecurity http) throws Exception 

           // some http configuration ...

           // Spring Boot 1.5.x style
           http.exceptionHandling().authenticationEntryPoint(authEntrypoint);
           
          //...



          And now in Spring Boot 2 it looks like this:



          @Configuration
          public class MyConfig extends WebSecurityConfigurerAdapter 

           //Bean configuration for Http401AuthenticationEntryPoint can be removed

           //Autowiring also removed

           @Override
           protected void configure(HttpSecurity http) throws Exception 

           // some http configuration ...

           // Spring Boot 2 style
           http.exceptionHandling().authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED));
           
          //...



          See also here: https://github.com/spring-projects/spring-boot/issues/10715#issuecomment-363592444






          share|improve this answer






























            0














            you can customize your logic with overriding the class AuthenticationEntryPoint
            this should be working : 



            @Component public class AuthEntryPointException implements AuthenticationEntryPoint, Serializable 

             private static final long serialVersionUID = -8970718410437077606L;

             @Override
             public void commence(HttpServletRequest request, HttpServletResponse response,
             AuthenticationException authException) throws IOException 
             response.setStatus(HttpStatus.SC_UNAUTHORIZED);
             response.setContentType("application/json");
             response.getWriter().write(""result":"UNAUTHORIZED","message":"UNAUTHORIZED or Invalid Token"");






            share|improve this answer
























              Your Answer






              StackExchange.ifUsing("editor", function ()
              StackExchange.using("externalEditor", function ()
              StackExchange.using("snippets", function ()
              StackExchange.snippets.init();
              );
              );
              , "code-snippets");

              StackExchange.ready(function()
              var channelOptions =
              tags: "".split(" "),
              id: "1"
              ;
              initTagRenderer("".split(" "), "".split(" "), channelOptions);

              StackExchange.using("externalEditor", function()
              // Have to fire editor after snippets, if snippets enabled
              if (StackExchange.settings.snippets.snippetsEnabled)
              StackExchange.using("snippets", function()
              createEditor();
              );

              else
              createEditor();

              );

              function createEditor()
              StackExchange.prepareEditor(
              heartbeatType: 'answer',
              autoActivateHeartbeat: false,
              convertImagesToLinks: true,
              noModals: true,
              showLowRepImageUploadWarning: true,
              reputationToPostImages: 10,
              bindNavPrevention: true,
              postfix: "",
              imageUploader:
              brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
              contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
              allowUrls: true
              ,
              onDemand: true,
              discardSelector: ".discard-answer"
              ,immediatelyShowMarkdownHelp:true
              );



              );













              draft saved

              draft discarded


















              StackExchange.ready(
              function ()
              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f49241384%2f401-instead-of-403-with-spring-boot-2%23new-answer', 'question_page');

              );

              Post as a guest















              Required, but never shown

























              4 Answers
              4






              active

              oldest

              votes








              4 Answers
              4






              active

              oldest

              votes









              active

              oldest

              votes






              active

              oldest

              votes









              10














              The class org.springframework.boot.autoconfigure.security.Http401AuthenticationEntryPoint was removed in favor of org.springframework.security.web.authentication.HttpStatusEntryPoint.



              In my case the code would go like this:



              public class SecurityConfig extends WebSecurityConfigurerAdapter 

               @Override
               protected void configure(HttpSecurity http) throws Exception 
               //...
               http.exceptionHandling()
               .authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED));
               //...






              share|improve this answer

























              • Now bad credential requests are returning 401, but empty-body response. Also, unauthorized requests, which should return 403, are also returning 401 with empty-body response.

                – Nelio Alves
                Mar 26 '18 at 17:49











              • Thanks, @NelioAlves, I didn't know that. In order to keep consistency with a legacy code I Implemented it. I guess, then it might not be necessary after all if this (401) is the default behavior. Do you have any reference about this so I can link it in the answer?

                – lealceldeiro
                Mar 26 '18 at 18:17
















              10














              The class org.springframework.boot.autoconfigure.security.Http401AuthenticationEntryPoint was removed in favor of org.springframework.security.web.authentication.HttpStatusEntryPoint.



              In my case the code would go like this:



              public class SecurityConfig extends WebSecurityConfigurerAdapter 

               @Override
               protected void configure(HttpSecurity http) throws Exception 
               //...
               http.exceptionHandling()
               .authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED));
               //...






              share|improve this answer

























              • Now bad credential requests are returning 401, but empty-body response. Also, unauthorized requests, which should return 403, are also returning 401 with empty-body response.

                – Nelio Alves
                Mar 26 '18 at 17:49











              • Thanks, @NelioAlves, I didn't know that. In order to keep consistency with a legacy code I Implemented it. I guess, then it might not be necessary after all if this (401) is the default behavior. Do you have any reference about this so I can link it in the answer?

                – lealceldeiro
                Mar 26 '18 at 18:17














              10












              10








              10







              The class org.springframework.boot.autoconfigure.security.Http401AuthenticationEntryPoint was removed in favor of org.springframework.security.web.authentication.HttpStatusEntryPoint.



              In my case the code would go like this:



              public class SecurityConfig extends WebSecurityConfigurerAdapter 

               @Override
               protected void configure(HttpSecurity http) throws Exception 
               //...
               http.exceptionHandling()
               .authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED));
               //...






              share|improve this answer















              The class org.springframework.boot.autoconfigure.security.Http401AuthenticationEntryPoint was removed in favor of org.springframework.security.web.authentication.HttpStatusEntryPoint.



              In my case the code would go like this:



              public class SecurityConfig extends WebSecurityConfigurerAdapter 

               @Override
               protected void configure(HttpSecurity http) throws Exception 
               //...
               http.exceptionHandling()
               .authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED));
               //...







              share|improve this answer














              share|improve this answer



              share|improve this answer








              edited Oct 25 '18 at 12:55

























              answered Mar 12 '18 at 17:51









              lealceldeirolealceldeiro

              6,56031543




              6,56031543












              • Now bad credential requests are returning 401, but empty-body response. Also, unauthorized requests, which should return 403, are also returning 401 with empty-body response.

                – Nelio Alves
                Mar 26 '18 at 17:49











              • Thanks, @NelioAlves, I didn't know that. In order to keep consistency with a legacy code I Implemented it. I guess, then it might not be necessary after all if this (401) is the default behavior. Do you have any reference about this so I can link it in the answer?

                – lealceldeiro
                Mar 26 '18 at 18:17


















              • Now bad credential requests are returning 401, but empty-body response. Also, unauthorized requests, which should return 403, are also returning 401 with empty-body response.

                – Nelio Alves
                Mar 26 '18 at 17:49











              • Thanks, @NelioAlves, I didn't know that. In order to keep consistency with a legacy code I Implemented it. I guess, then it might not be necessary after all if this (401) is the default behavior. Do you have any reference about this so I can link it in the answer?

                – lealceldeiro
                Mar 26 '18 at 18:17

















              Now bad credential requests are returning 401, but empty-body response. Also, unauthorized requests, which should return 403, are also returning 401 with empty-body response.

              – Nelio Alves
              Mar 26 '18 at 17:49





              Now bad credential requests are returning 401, but empty-body response. Also, unauthorized requests, which should return 403, are also returning 401 with empty-body response.

              – Nelio Alves
              Mar 26 '18 at 17:49













              Thanks, @NelioAlves, I didn't know that. In order to keep consistency with a legacy code I Implemented it. I guess, then it might not be necessary after all if this (401) is the default behavior. Do you have any reference about this so I can link it in the answer?

              – lealceldeiro
              Mar 26 '18 at 18:17






              Thanks, @NelioAlves, I didn't know that. In order to keep consistency with a legacy code I Implemented it. I guess, then it might not be necessary after all if this (401) is the default behavior. Do you have any reference about this so I can link it in the answer?

              – lealceldeiro
              Mar 26 '18 at 18:17














              2














              Http401AuthenticationEntryPoint was removed, see 10715:




              Remove Http401AuthenticationEntryPoint



              rwinch commented on 20 Oct 2017

              As far as I can tell it is not being used in the Spring Boot code base, so it might be good to remove Http401AuthenticationEntryPoint.




              Depending on your requirements, you could use:



              • HttpStatusEntryPoint

              • BasicAuthenticationEntryPoint





              share|improve this answer


















              • 1





                Thanks, very useful link from spring boot git repo. In the answer I provided future readers can see how I used HttpStatusEntryPoint according to my requirements.

                – lealceldeiro
                Oct 17 '18 at 14:59
















              2














              Http401AuthenticationEntryPoint was removed, see 10715:




              Remove Http401AuthenticationEntryPoint



              rwinch commented on 20 Oct 2017

              As far as I can tell it is not being used in the Spring Boot code base, so it might be good to remove Http401AuthenticationEntryPoint.




              Depending on your requirements, you could use:



              • HttpStatusEntryPoint

              • BasicAuthenticationEntryPoint





              share|improve this answer


















              • 1





                Thanks, very useful link from spring boot git repo. In the answer I provided future readers can see how I used HttpStatusEntryPoint according to my requirements.

                – lealceldeiro
                Oct 17 '18 at 14:59














              2












              2








              2







              Http401AuthenticationEntryPoint was removed, see 10715:




              Remove Http401AuthenticationEntryPoint



              rwinch commented on 20 Oct 2017

              As far as I can tell it is not being used in the Spring Boot code base, so it might be good to remove Http401AuthenticationEntryPoint.




              Depending on your requirements, you could use:



              • HttpStatusEntryPoint

              • BasicAuthenticationEntryPoint





              share|improve this answer













              Http401AuthenticationEntryPoint was removed, see 10715:




              Remove Http401AuthenticationEntryPoint



              rwinch commented on 20 Oct 2017

              As far as I can tell it is not being used in the Spring Boot code base, so it might be good to remove Http401AuthenticationEntryPoint.




              Depending on your requirements, you could use:



              • HttpStatusEntryPoint

              • BasicAuthenticationEntryPoint






              share|improve this answer












              share|improve this answer



              share|improve this answer










              answered Oct 17 '18 at 14:53









              durdur

              7,827134266




              7,827134266







              • 1





                Thanks, very useful link from spring boot git repo. In the answer I provided future readers can see how I used HttpStatusEntryPoint according to my requirements.

                – lealceldeiro
                Oct 17 '18 at 14:59













              • 1





                Thanks, very useful link from spring boot git repo. In the answer I provided future readers can see how I used HttpStatusEntryPoint according to my requirements.

                – lealceldeiro
                Oct 17 '18 at 14:59








              1




              1





              Thanks, very useful link from spring boot git repo. In the answer I provided future readers can see how I used HttpStatusEntryPoint according to my requirements.

              – lealceldeiro
              Oct 17 '18 at 14:59






              Thanks, very useful link from spring boot git repo. In the answer I provided future readers can see how I used HttpStatusEntryPoint according to my requirements.

              – lealceldeiro
              Oct 17 '18 at 14:59












              0














              Just to elaborate @lealceldeiro's answer:



              Before Spring Boot 2 my Securiy Configuration class looked like this:



              @Configuration
              public class MyConfig extends WebSecurityConfigurerAdapter 

               @Bean
               public Http401AuthenticationEntryPoint securityException401EntryPoint() 
               return new Http401AuthenticationEntryPoint("Bearer realm="webrealm"");
               

               @Autowired
               private Http401AuthenticationEntryPoint authEntrypoint;

               @Override
               protected void configure(HttpSecurity http) throws Exception 

               // some http configuration ...

               // Spring Boot 1.5.x style
               http.exceptionHandling().authenticationEntryPoint(authEntrypoint);
               
              //...



              And now in Spring Boot 2 it looks like this:



              @Configuration
              public class MyConfig extends WebSecurityConfigurerAdapter 

               //Bean configuration for Http401AuthenticationEntryPoint can be removed

               //Autowiring also removed

               @Override
               protected void configure(HttpSecurity http) throws Exception 

               // some http configuration ...

               // Spring Boot 2 style
               http.exceptionHandling().authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED));
               
              //...



              See also here: https://github.com/spring-projects/spring-boot/issues/10715#issuecomment-363592444






              share|improve this answer



























                0














                Just to elaborate @lealceldeiro's answer:



                Before Spring Boot 2 my Securiy Configuration class looked like this:



                @Configuration
                public class MyConfig extends WebSecurityConfigurerAdapter 

                 @Bean
                 public Http401AuthenticationEntryPoint securityException401EntryPoint() 
                 return new Http401AuthenticationEntryPoint("Bearer realm="webrealm"");
                 

                 @Autowired
                 private Http401AuthenticationEntryPoint authEntrypoint;

                 @Override
                 protected void configure(HttpSecurity http) throws Exception 

                 // some http configuration ...

                 // Spring Boot 1.5.x style
                 http.exceptionHandling().authenticationEntryPoint(authEntrypoint);
                 
                //...



                And now in Spring Boot 2 it looks like this:



                @Configuration
                public class MyConfig extends WebSecurityConfigurerAdapter 

                 //Bean configuration for Http401AuthenticationEntryPoint can be removed

                 //Autowiring also removed

                 @Override
                 protected void configure(HttpSecurity http) throws Exception 

                 // some http configuration ...

                 // Spring Boot 2 style
                 http.exceptionHandling().authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED));
                 
                //...



                See also here: https://github.com/spring-projects/spring-boot/issues/10715#issuecomment-363592444






                share|improve this answer

























                  0












                  0








                  0







                  Just to elaborate @lealceldeiro's answer:



                  Before Spring Boot 2 my Securiy Configuration class looked like this:



                  @Configuration
                  public class MyConfig extends WebSecurityConfigurerAdapter 

                   @Bean
                   public Http401AuthenticationEntryPoint securityException401EntryPoint() 
                   return new Http401AuthenticationEntryPoint("Bearer realm="webrealm"");
                   

                   @Autowired
                   private Http401AuthenticationEntryPoint authEntrypoint;

                   @Override
                   protected void configure(HttpSecurity http) throws Exception 

                   // some http configuration ...

                   // Spring Boot 1.5.x style
                   http.exceptionHandling().authenticationEntryPoint(authEntrypoint);
                   
                  //...



                  And now in Spring Boot 2 it looks like this:



                  @Configuration
                  public class MyConfig extends WebSecurityConfigurerAdapter 

                   //Bean configuration for Http401AuthenticationEntryPoint can be removed

                   //Autowiring also removed

                   @Override
                   protected void configure(HttpSecurity http) throws Exception 

                   // some http configuration ...

                   // Spring Boot 2 style
                   http.exceptionHandling().authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED));
                   
                  //...



                  See also here: https://github.com/spring-projects/spring-boot/issues/10715#issuecomment-363592444






                  share|improve this answer













                  Just to elaborate @lealceldeiro's answer:



                  Before Spring Boot 2 my Securiy Configuration class looked like this:



                  @Configuration
                  public class MyConfig extends WebSecurityConfigurerAdapter 

                   @Bean
                   public Http401AuthenticationEntryPoint securityException401EntryPoint() 
                   return new Http401AuthenticationEntryPoint("Bearer realm="webrealm"");
                   

                   @Autowired
                   private Http401AuthenticationEntryPoint authEntrypoint;

                   @Override
                   protected void configure(HttpSecurity http) throws Exception 

                   // some http configuration ...

                   // Spring Boot 1.5.x style
                   http.exceptionHandling().authenticationEntryPoint(authEntrypoint);
                   
                  //...



                  And now in Spring Boot 2 it looks like this:



                  @Configuration
                  public class MyConfig extends WebSecurityConfigurerAdapter 

                   //Bean configuration for Http401AuthenticationEntryPoint can be removed

                   //Autowiring also removed

                   @Override
                   protected void configure(HttpSecurity http) throws Exception 

                   // some http configuration ...

                   // Spring Boot 2 style
                   http.exceptionHandling().authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED));
                   
                  //...



                  See also here: https://github.com/spring-projects/spring-boot/issues/10715#issuecomment-363592444







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Oct 25 '18 at 10:12









                  Tai TruongTai Truong

                  8116




                  8116





















                      0














                      you can customize your logic with overriding the class AuthenticationEntryPoint
                      this should be working : 



                      @Component public class AuthEntryPointException implements AuthenticationEntryPoint, Serializable 

                       private static final long serialVersionUID = -8970718410437077606L;

                       @Override
                       public void commence(HttpServletRequest request, HttpServletResponse response,
                       AuthenticationException authException) throws IOException 
                       response.setStatus(HttpStatus.SC_UNAUTHORIZED);
                       response.setContentType("application/json");
                       response.getWriter().write(""result":"UNAUTHORIZED","message":"UNAUTHORIZED or Invalid Token"");






                      share|improve this answer





























                        0














                        you can customize your logic with overriding the class AuthenticationEntryPoint
                        this should be working : 



                        @Component public class AuthEntryPointException implements AuthenticationEntryPoint, Serializable 

                         private static final long serialVersionUID = -8970718410437077606L;

                         @Override
                         public void commence(HttpServletRequest request, HttpServletResponse response,
                         AuthenticationException authException) throws IOException 
                         response.setStatus(HttpStatus.SC_UNAUTHORIZED);
                         response.setContentType("application/json");
                         response.getWriter().write(""result":"UNAUTHORIZED","message":"UNAUTHORIZED or Invalid Token"");






                        share|improve this answer



























                          0












                          0








                          0







                          you can customize your logic with overriding the class AuthenticationEntryPoint
                          this should be working : 



                          @Component public class AuthEntryPointException implements AuthenticationEntryPoint, Serializable 

                           private static final long serialVersionUID = -8970718410437077606L;

                           @Override
                           public void commence(HttpServletRequest request, HttpServletResponse response,
                           AuthenticationException authException) throws IOException 
                           response.setStatus(HttpStatus.SC_UNAUTHORIZED);
                           response.setContentType("application/json");
                           response.getWriter().write(""result":"UNAUTHORIZED","message":"UNAUTHORIZED or Invalid Token"");






                          share|improve this answer















                          you can customize your logic with overriding the class AuthenticationEntryPoint
                          this should be working : 



                          @Component public class AuthEntryPointException implements AuthenticationEntryPoint, Serializable 

                           private static final long serialVersionUID = -8970718410437077606L;

                           @Override
                           public void commence(HttpServletRequest request, HttpServletResponse response,
                           AuthenticationException authException) throws IOException 
                           response.setStatus(HttpStatus.SC_UNAUTHORIZED);
                           response.setContentType("application/json");
                           response.getWriter().write(""result":"UNAUTHORIZED","message":"UNAUTHORIZED or Invalid Token"");







                          share|improve this answer














                          share|improve this answer



                          share|improve this answer








                          edited Nov 14 '18 at 9:51









                          Suraj Rao

                          23.7k85872




                          23.7k85872










                          answered Nov 14 '18 at 9:31









                          user2530251user2530251

                          11




                          11



























                              draft saved

                              draft discarded
















































                              Thanks for contributing an answer to Stack Overflow!


                              • Please be sure to answer the question. Provide details and share your research!

                              But avoid


                              • Asking for help, clarification, or responding to other answers.

                              • Making statements based on opinion; back them up with references or personal experience.

                              To learn more, see our tips on writing great answers.




                              draft saved


                              draft discarded














                              StackExchange.ready(
                              function ()
                              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f49241384%2f401-instead-of-403-with-spring-boot-2%23new-answer', 'question_page');

                              );

                              Post as a guest















                              Required, but never shown





















































                              Required, but never shown














                              Required, but never shown












                              Required, but never shown







                              Required, but never shown

































                              Required, but never shown














                              Required, but never shown












                              Required, but never shown







                              Required, but never shown







                              -

                              Popular posts from this blog

                              How to how show current date and time by default on contact form 7 in WordPress without taking input from user in datetimepicker

                              Image
                              0 I have a "Ask for demo" form which has two options, 1. Contact me now and 2. Schedule a demo. If user selects option 1 then current date and time should by displayed on form and if he selects option 2 then A calendar is shown for taking user input. My problem is getting current date and time by default on form. Please help. TIA contact-form-7 share | improve this question asked Nov 12 '18 at 9:01 abhi25 abhi25 14 5 add a comment  |  0 I have a "Ask for demo" form which has two options, 1. Contact me now and 2. Schedule a demo. If user selects option 1 then current date and time should by displayed on form and if he selects option 2 then A calendar is shown for taking user input. My problem is getting current date and time by default on form. Please help. TIA contact-form-7 share | improve this question asked Nov 12 '18 at 9:01 abhi25 abhi25 14 5 add a commen
                              Read more

                              Syphilis

                              Image
                              Klassifikation nach ICD-10 A50 Syphilis connata A51 Frühsyphilis A52 Spätsyphilis A53 Sonstige und nicht näher bezeichnete Syphilis ICD-10 online (WHO-Version 2019) Syphilis , [1] auch Lues (venerea) , harter Schanker oder Franzosenkrankheit (maladie française) genannt, ist eine chronische Infektionskrankheit, die zur Gruppe der sexuell übertragbaren Erkrankungen gehört. Der Erreger der Syphilis ist das Bakterium Treponema pallidum ssp. pallidum . Die Syphilis wird hauptsächlich bei sexuellen Handlungen durch Schleimhautkontakt und ausschließlich von Mensch zu Mensch übertragen. Während der Schwangerschaft und bei der Geburt kann eine erkrankte Mutter ihr Kind infizieren ( Syphilis connata ). Das Erscheinungsbild der Krankheit ist vielfältig. Typisch ist ein Beginn mit schmerzlosen Schleimhautgeschwüren und Lymphknotenschwellungen. Bei einem Teil der Infizierten kommt es zu einem chronischen Verlauf, der durch vielfältigen Haut- und Organbefall gekennzeichnet ist. Im Endstadium kom
                              Read more

                              Darth Vader #20

                              Image
                              Wiki Characters Creators Teams Volumes Issues Publishers Locations Concepts Things Story Arcs Movies Series Episodes New Comics Forums Gen. Discussion Bug Reporting Delete/Combine Pages Artist Show-Off Off-Topic Contests Battles Fan-Fic RPG Comic Book Preview API Developers Editing & Tools Podcast Quests Community Top Users Activity Feed User Lists Community Promos Archives News Reviews Videos Podcasts Previews Login / Sign Up All Wiki     Arcs     Characters     Companies     Concepts     Issues     Locations     Movies     People     Teams     Things     Volumes     Series     Episodes Editorial     Videos     Articles     Reviews     Features Community     Users Wiki Characters Creators Teams Volumes Issues Publishers Locations Concepts Things Story Arcs Movies Series Episodes New Comics Forums Gen. Discussion Bug Reporting Delete/Combine Pages Artist Show-Off Off-Topic Contests Battles Fan-Fic RPG Comic Book Preview API Developers Editing & Tools Podcast Quests Com
                              Read more