I have a spring boot application working with spring security using basic auth. When the correct basic credentials are supplied, the controller method is called, but for the wrong authorization credentials, I get 404 Not Found instead of 401 Unauthorized.
This is my spring Security Configuration
@Configuration
public static class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/useradmin/api")
.authorizeRequests()
.anyRequest().authenticated()
.and()
.httpBasic().authenticationEntryPoint(authenticationEntryPoint()).and().csrf().disable();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("default").password("password").roles("USER");
}
}
I examined Spring security with a baseline auth redirect to / error for invalid credentials , and if I exclude ErrorMvcAutoConfiguration.classfrom the Auto Configuration classes, I get 401. However, if I left it autoconfigured, I only get 404, and it doesn't actually redirect to /erroras mentioned above.
BasicErrorController, getError, , , - 401 404.
?