Authentication(Web)Filter should return a 500 on AuthenticationServiceExceptions #9429
Comments
Hey there 👋 I'm interested in picking this one up.
Hey @jzheaux, a few questions regarding this. Here's my interpretation of the story (for When the user does not override the
Issue spring-projectsgh-11932, spring-projectsgh-9429 (Server)AuthenticationEntryPointFailureHandler should produce HTTP 500 instead when an AuthenticationServiceException is thrown, instead of HTTP 401. This commit deprecates the current behavior and introduces an opt-in (Server)AuthenticationEntryPointFailureHandlerAdapter with the expected behavior. BearerTokenAuthenticationFilter uses the new adapter, but with a closure to keep the current behavior re: entrypoint.
Issue gh-11932, gh-9429 (Server)AuthenticationEntryPointFailureHandler should produce HTTP 500 instead when an AuthenticationServiceException is thrown, instead of HTTP 401. This commit deprecates the current behavior and introduces an opt-in (Server)AuthenticationEntryPointFailureHandlerAdapter with the expected behavior. BearerTokenAuthenticationFilter uses the new adapter, but with a closure to keep the current behavior re: entrypoint.
When (Reactive)AuthenticationManager throws or resolves to an AuthenticationServiceException, Authentication(Web)Filter should instead return a 500 HTTP response.
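The requested behavior for the servlet filter, sketched as an added example; it is not Spring Security's own code and not the adapter class named in the commits above. The class name `ServiceErrorAwareFailureHandler` and the `buildFilter` helper are hypothetical, and the `jakarta.servlet` imports assume Spring Security 6 (use `javax.servlet` on 5.x).

```java
import java.io.IOException;

import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.AuthenticationConverter;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationFilter;

// Hypothetical handler: separates "the credentials were rejected" from
// "the authentication backend failed before the credentials could be judged".
public final class ServiceErrorAwareFailureHandler implements AuthenticationFailureHandler {

    private final AuthenticationEntryPoint entryPoint;

    public ServiceErrorAwareFailureHandler(AuthenticationEntryPoint entryPoint) {
        this.entryPoint = entryPoint;
    }

    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException exception) throws IOException, ServletException {
        if (exception instanceof AuthenticationServiceException) {
            // Backend fault (user store unreachable, key lookup failed, ...).
            // A 401 challenge here would tell the client its credentials are bad
            // and would hide an outage from 5xx monitoring, so answer 500 with a
            // container-generated body that carries no exception detail.
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            return;
        }
        // Credentials were evaluated and rejected: issue the normal challenge.
        this.entryPoint.commence(request, response, exception);
    }

    // Hypothetical wiring helper: installs the handler on an AuthenticationFilter.
    public static AuthenticationFilter buildFilter(AuthenticationManager manager,
            AuthenticationConverter converter, AuthenticationEntryPoint entryPoint) {
        AuthenticationFilter filter = new AuthenticationFilter(manager, converter);
        filter.setFailureHandler(new ServiceErrorAwareFailureHandler(entryPoint));
        return filter;
    }
}
```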