500 error is thrown when 401 should be in charge

Question

500 error is thrown when 401 should be in charge

Closed this issue 2 years ago · 2 comments

Hamdam23 commented 2 years ago

500 error status is returning when token is invalid/expired/not-given on endpionts.

Quick summery:

Handling AuthenticationException will handle invalid credentials(username/password).
Handling AccessDeniedException is used for method level security such as securing a method for specific roles or authorities.

Answer 1 · 2022-09-16T11:40:12.000Z

Token belongs to the User on 'user' role who does not have access.
Look there should be 403 Access Denied!

Answer 2 · 2022-09-19T11:03:05.000Z

The bug is fixed. But I suggest using only one method of handling security exceptions. Choose one: custom exceptions (via ExceptionHandler) or security handlers (AccessDeniedHandler & AuthenticationEntryPoint)