Spring Security response with error page (403.html) when anyRequest().denyAll()

Asked Jan 31 '22 at 13:10

Active Jan 31 '22 at 13:10

Viewed 287 times

I have the following Spring Security (5.6.1) configuration with Spring Boot (2.6.3):

@Override
protected void configure(HttpSecurity http) throws Exception {    
    http.authorizeRequests().antMatchers("/index.html").permitAll()
        .antMatchers("/overview.html").denyAll();
}

I also have some error pages located in /src/main/resources/public/error/

 - 403.html
 - 404.html
 - 4xx.html
 - 5xx.html

When I send a request to /overview.html I get a 403 error and the content of the 403.html. So far so good.

When I add an anyRequest().denyAll(), I get a 403 error but the response body is empty.

Can anybody explain what's happening?

asked Jan 31 '22 at 13:10

Thomas Rohde

1

Does this answer your question? [Error response body is empty in Spring Boot 2.6](https://stackoverflow.com/questions/70270993/error-response-body-is-empty-in-spring-boot-2-6) – Chin Huang Jan 31 '22 at 14:08
Thanks @ChinHuang. That was the problem. Upgrading to Spring Boot 2.6.2 solved the issue for me. – Thomas Rohde Feb 02 '22 at 07:10

Spring Security response with error page (403.html) when anyRequest().denyAll()

0 Answers0