Anonymous requests to the token endpoint are redirected to the Spring Security login page instead of receiving a 401 response #35368

Closed

@sjohnr sjohnr commented May 9, 2023

Fixes an issue where auto-configuration for Spring Authorization Server was overriding the default exception handling (AuthenticationEntryPoint) resulting in anonymous requests to the token endpoint being redirected to the Spring Security login page instead of returning 401 Unauthorized.

Auto-configuration now registers a defaultAuthenticationEntryPointFor that is added to any other entry points already configured.

See gh-34003

Fixes an issue where auto-configuration for Spring Authorization Server
was overriding the default exception handling (AuthenticationEntryPoint)
resulting in anonymous requests to the token endpoint being redirected
to the Spring Security login page instead of returning 401 Unauthorized.

Auto-configuration now registers a defaultAuthenticationEntryPointFor
that is added to any other entry points already configured.

See spring-projectsgh-34003
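
The difference between replacing the entry point and adding a default one, as an added example that is not code from this pull request or from Spring Boot. The class name, the `/login` path and the HTML-only matcher are assumptions chosen for illustration.

```java
import java.util.Set;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.http.MediaType;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;

// Hypothetical configuration class, for illustration only.
@Configuration(proxyBeanMethods = false)
public class AuthorizationServerEntryPointExample {

    @Bean
    @Order(Ordered.HIGHEST_PRECEDENCE)
    SecurityFilterChain authorizationServerFilterChain(HttpSecurity http) throws Exception {
        // Applies Spring Authorization Server's default endpoint security.
        OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);

        // Before (the behaviour described in the report): one global entry point
        // replaces every entry point already configured, so an anonymous request
        // to the token endpoint is redirected to the login page.
        // http.exceptionHandling((exceptions) -> exceptions
        //         .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login")));

        // After: the login redirect is registered as one default among others,
        // preferred for requests that explicitly accept text/html.
        // "/login" is an assumed login page path.
        MediaTypeRequestMatcher htmlOnly = new MediaTypeRequestMatcher(MediaType.TEXT_HTML);
        // "Accept: */*" must not be treated as a request for HTML.
        htmlOnly.setIgnoredMediaTypes(Set.of(MediaType.ALL));
        http.exceptionHandling((exceptions) -> exceptions
                .defaultAuthenticationEntryPointFor(
                        new LoginUrlAuthenticationEntryPoint("/login"), htmlOnly));

        return http.build();
    }
}
```

A quick check for this configuration is an anonymous request to the token endpoint: it should receive 401 Unauthorized rather than a redirect to the login page.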
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label May 9, 2023
@wilkinsona wilkinsona changed the title Fix redirect to login page for token requests Anonymous requests to the token endpoint are redirected to the Spring Security login page instead of receiving a 401 response May 9, 2023
@wilkinsona wilkinsona added type: bug A general bug and removed status: waiting-for-triage An issue we've not yet triaged labels May 9, 2023
@wilkinsona wilkinsona added this to the 3.1.x milestone May 9, 2023
mhalbritter pushed a commit that referenced this pull request May 10, 2023
Fixes an issue where auto-configuration for Spring Authorization Server
was overriding the default exception handling (AuthenticationEntryPoint)
resulting in anonymous requests to the token endpoint being redirected
to the Spring Security login page instead of returning 401 Unauthorized.

Auto-configuration now registers a defaultAuthenticationEntryPointFor
that is added to any other entry points already configured.

See gh-35368
@mhalbritter
Contributor

Thanks!

@mhalbritter mhalbritter modified the milestones: 3.1.x, 3.1.0 May 10, 2023
@sjohnr sjohnr deleted the sas-authentication-entry-point branch May 10, 2023 15:44
@sjohnr
Author

sjohnr commented May 10, 2023

Thanks for the quick merge!

Labels
type: bug A general bug