401 instead of 403 with Spring Boot 2
With Spring Boot 1.5.6.RELEASE I was able to send HTTP Status code `401` instead of `403` as described in How let spring security response unauthorized(http 401 code) if requesting uri without authentication, by doing this:

```java
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //...
        http.exceptionHandling()
                .authenticationEntryPoint(new Http401AuthenticationEntryPoint("myHeader"));
        //...
    }
}
```

using the `org.springframework.boot.autoconfigure.security.Http401AuthenticationEntryPoint` class.

I just upgraded to Spring Boot 2.0.0.RELEASE and found there is no such class any more (at least in that package).

Q: Does this class (`Http401AuthenticationEntryPoint`) still exist in Spring Boot? If not, what could be a good alternative for keeping the same behavior in an existing project in order to keep consistency with other implementations which depend on this status code (`401`) instead of `403`?

java spring spring-boot spring-security
edited Oct 25 '18 at 12:54
lealceldeiro
asked Mar 12 '18 at 17:40
lealceldeiro
4 Answers
The class `org.springframework.boot.autoconfigure.security.Http401AuthenticationEntryPoint` was removed in favor of `org.springframework.security.web.authentication.HttpStatusEntryPoint`.

In my case the code would go like this:

```java
import org.springframework.http.HttpStatus;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;

public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //...
        http.exceptionHandling()
                .authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED));
        //...
    }
}
```

edited Oct 25 '18 at 12:55
answered Mar 12 '18 at 17:51
lealceldeiro
Now bad credential requests are returning 401, but empty-body response. Also, unauthorized requests, which should return 403, are also returning 401 with empty-body response.
– Nelio Alves
Mar 26 '18 at 17:49
Thanks, @NelioAlves, I didn't know that. In order to keep consistency with a legacy code I implemented it. I guess, then it might not be necessary after all if this (`401`) is the default behavior. Do you have any reference about this so I can link it in the answer?
– lealceldeiro
Mar 26 '18 at 18:17
`Http401AuthenticationEntryPoint` was removed, see 10715:

Remove Http401AuthenticationEntryPoint
rwinch commented on 20 Oct 2017
As far as I can tell it is not being used in the Spring Boot code base, so it might be good to remove `Http401AuthenticationEntryPoint`.

Depending on your requirements, you could use:
- HttpStatusEntryPoint
- BasicAuthenticationEntryPoint

answered Oct 17 '18 at 14:53
dur
Thanks, very useful link from spring boot git repo. In the answer I provided future readers can see how I used `HttpStatusEntryPoint` according to my requirements.
– lealceldeiro
Oct 17 '18 at 14:59
Just to elaborate @lealceldeiro's answer:

Before Spring Boot 2 my Security Configuration class looked like this:

```java
@Configuration
public class MyConfig extends WebSecurityConfigurerAdapter {

    @Bean
    public Http401AuthenticationEntryPoint securityException401EntryPoint() {
        return new Http401AuthenticationEntryPoint("Bearer realm=\"webrealm\"");
    }

    @Autowired
    private Http401AuthenticationEntryPoint authEntrypoint;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // some http configuration ...

        // Spring Boot 1.5.x style
        http.exceptionHandling().authenticationEntryPoint(authEntrypoint);
        //...
    }
}
```

And now in Spring Boot 2 it looks like this:

```java
@Configuration
public class MyConfig extends WebSecurityConfigurerAdapter {

    // Bean configuration for Http401AuthenticationEntryPoint can be removed
    // Autowiring also removed

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // some http configuration ...

        // Spring Boot 2 style
        http.exceptionHandling().authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED));
        //...
    }
}
```

See also here: https://github.com/spring-projects/spring-boot/issues/10715#issuecomment-363592444

answered Oct 25 '18 at 10:12
Tai Truong
You can customize your logic by overriding the class `AuthenticationEntryPoint`; this should work:

```java
@Component
public class AuthEntryPointException implements AuthenticationEntryPoint, Serializable {

    private static final long serialVersionUID = -8970718410437077606L;

    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response,
                         AuthenticationException authException) throws IOException {
        // 401 constant taken from the servlet API, so no extra HttpStatus import is needed
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        response.setContentType("application/json");
        response.getWriter().write("{\"result\":\"UNAUTHORIZED\",\"message\":\"UNAUTHORIZED or Invalid Token\"}");
    }
}
```

edited Nov 14 '18 at 9:51
Suraj Rao
answered Nov 14 '18 at 9:31
user2530251
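
An added example, not code from any of the posts above: a custom entry point that, like the removed Boot 1.5 class, sends a `WWW-Authenticate` header with the 401 (`HttpStatusEntryPoint` only sets the status), writes a small JSON body, and leaves 403 to an `AccessDeniedHandler`. The class name `ChallengeEntryPoint`, the JSON body and the `anyRequest().authenticated()` rule are assumptions; the header value is the one used in Tai Truong's answer.

```java
import java.io.IOException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /** Hypothetical replacement for the removed class: 401 plus a WWW-Authenticate challenge. */
    static class ChallengeEntryPoint implements AuthenticationEntryPoint {

        private final String challenge;

        ChallengeEntryPoint(String challenge) {
            this.challenge = challenge;
        }

        @Override
        public void commence(HttpServletRequest request, HttpServletResponse response,
                             AuthenticationException authException) throws IOException {
            // Tell the client which scheme to authenticate with
            response.setHeader("WWW-Authenticate", challenge);
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            response.setContentType("application/json");
            response.setCharacterEncoding("UTF-8");
            // Fixed body (assumed format); the exception message is not sent to the client
            response.getWriter().write("{\"error\":\"unauthorized\"}");
        }
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .anyRequest().authenticated() // assumed rule for this example
            .and()
            .exceptionHandling()
                // No authentication (or anonymous) -> entry point -> 401
                .authenticationEntryPoint(new ChallengeEntryPoint("Bearer realm=\"webrealm\""))
                // Authenticated but not permitted -> access denied handler -> 403
                .accessDeniedHandler((request, response, ex) ->
                        response.setStatus(HttpServletResponse.SC_FORBIDDEN));
    }
}
```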