spring-security: Spring security 5 "Bad credentials" exception not shown with errorDetails
Summary
I’m just switch from Spring Boot 1.5.4 to 2.0.0.BUILD-SNAPSHOT. Most functionality migrate seamless, but i meet strange behavior of BadCredentialsException handling. In Spring 4 it was show as all other exceptions, like
{
"error": "Unauthorized",
"message": "Bad credentials",
"path": "/v1/admin/users",
"status": 401,
"timestamp": "2017-07-25T10:53:13+0000"
}
But now just empty response with code 401 produced. All other spring security exceptions like “Forbidden” shown as expected in JSON.
Actual Behavior
Just
HTTP/1.1 401
on BadCredentialsException
Expected Behavior
Full JSON body
{
"error": "Unauthorized",
"message": "Bad credentials",
"path": "/v1/admin/users",
"status": 401,
"timestamp": "2017-07-25T10:53:13+0000"
}
on BadCredentialsException
Configuration
Only default spring security properties, no additional properties set
Version
Spring Boot 2.0.0 SNAPSHOT, Spring Framework 5.0.0.M3
Sample
Sorry, part of production project
About this issue
- Original URL
- State: closed
- Created 7 years ago
- Comments: 19 (3 by maintainers)
Solved by myself. In Spring Security 5.0 necessary to permit all access to /error endpoint, for all http methods
Hi! Actually it’s Spring Boot 2 related issue, so i close it here. I meet this problem twice. First time i solved it by adding .antMatchers(“/error”).permitAll() Sometime later new Spring Boot 2 milestone broke it again. and second time it was broken completely. I make workaround then, but it was worst solution even i did. I’d intercept Spring Boot error controller and replace error in response.