500 error is thrown when 401 should be in charge
Closed this issue · 2 comments
Hamdam23 commented
500 error status is returned when the token is invalid/expired/not-given on endpoints.
Quick summary:
- Handling AuthenticationException will handle invalid credentials (username/password).
- Handling AccessDeniedException is used for method level security such as securing a method for specific roles or authorities.
Hamdam23 commented
KhusainovFarrukh commented
The bug is fixed. But I suggest using only one method of handling security exceptions. Choose one: custom exceptions (via ExceptionHandler) or security handlers (AccessDeniedHandler & AuthenticationEntryPoint)