I am building a RESTful web service with an Angular front end. If users log in with wrong credentials, the browser automatically shows a login popup. I want to prevent this by responding with code 403 instead of 401.
I have reviewed this question and it does not help with my use case. I have also tried different solutions found on Google, but in all cases it keeps giving 401 with the login popup.
This is what I've got now, but it does not work:
SecurityConfig.java:

    @Configuration
    @EnableWebSecurity
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    public class SecurityConfig extends WebSecurityConfigurerAdapter {
        //...
        @Autowired
        CustomAuthenticationFailureHandler authenticationFailureHandler;
        //...
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .formLogin().failureHandler(authenticationFailureHandler).permitAll().and()
                //...
                .httpBasic()
                .and()
                .csrf()
                .disable();
        }
    }

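CustomAuthenticationFailureHandler.java:

    import java.io.IOException;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import org.springframework.security.core.AuthenticationException;
    import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
    import org.springframework.stereotype.Component;

    @Component
    public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
        @Override
        public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
                AuthenticationException exception) throws IOException, ServletException {
            // Reply 403 Forbidden instead of the default 401 Unauthorized
            this.logger.debug("Authentication failed, sending 403 Forbidden error");
            response.sendError(403, "Authentication Failed: " + exception.getMessage());
        }
    }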
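
Added example, not part of the original post: in Spring Security 5.x the `formLogin()` failure handler only handles failed form-login submissions, while the 401 carrying `WWW-Authenticate: Basic`, which is what triggers the browser popup, comes from the `httpBasic()` authentication entry point. The configuration below replaces that entry point with one that answers 403; the class names `ApiSecurityConfig` and `ForbiddenEntryPoint` are hypothetical, and the `authorizeRequests()` rule is an assumption.

```java
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;

// Assumes Spring Security 5.x (javax.servlet, WebSecurityConfigurerAdapter).
// ApiSecurityConfig and ForbiddenEntryPoint are hypothetical names.
@Configuration
@EnableWebSecurity
public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {

    /** Replies 403 and never sets WWW-Authenticate, so browsers do not prompt. */
    static class ForbiddenEntryPoint implements AuthenticationEntryPoint {
        @Override
        public void commence(HttpServletRequest request, HttpServletResponse response,
                AuthenticationException authException) throws IOException {
            // Fixed message: exception details are not echoed to the client.
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Authentication failed");
        }
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        AuthenticationEntryPoint entryPoint = new ForbiddenEntryPoint();
        http
            .authorizeRequests().anyRequest().authenticated()
            .and()
            // Used by BasicAuthenticationFilter when submitted credentials are rejected.
            .httpBasic().authenticationEntryPoint(entryPoint)
            .and()
            // Used by ExceptionTranslationFilter when a request has no credentials at all.
            .exceptionHandling().authenticationEntryPoint(entryPoint);
    }
}
```

Returning 401 without a `WWW-Authenticate` header also suppresses the popup and keeps authentication failures distinguishable from authorization denials on the client.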