Spring Boot Security does not throw 401 Unauthorized Exception but 404 Not Found

I solved it by adding the following annotation on my top-level @SpringBootApplication class:

@EnableAutoConfiguration(exclude = {ErrorMvcAutoConfiguration.class})

Could Spring Boot have trouble finding its default error page?


I found the answer in this thread: Return HTTP Error 401 Code & Skip Filter Chains

Instead of

httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, authenticationException.getMessage());

I need to call

httpResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);

It seems like the chain will stop when I don't continue calling it and by setting the status to a different code - the exception is thrown correctly