Spring Boot Security does not throw 401 Unauthorized Exception but 404 Not Found
I solved it by adding the following annotation on my top-level @SpringBootApplication
class:
@EnableAutoConfiguration(exclude = {ErrorMvcAutoConfiguration.class})
Could Spring Boot have trouble finding its default error page?
I found the answer in this thread: Return HTTP Error 401 Code & Skip Filter Chains
Instead of
httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, authenticationException.getMessage());
I need to call
httpResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
It seems like the chain will stop when I don't continue calling it and by setting the status to a different code - the exception is thrown correctly