.failureHandler(authenticationFailureHandler()) does not exist in spring-config 6.1.1
cobar79 opened this issue · comments
spring-security-exceptionhandler
HttpSecurity.failureHandler no longer exists.
HttpSecurity.exceptionHandling didn't catch InvalidBearerTokenException
Hey, @cobar79.
We have internal tasks to keep articles updated with Spring 6, but it might take a while.
This issue will remain open until then.
Hi @cobar79 - The failureHandler
is not from HttpSecurity
. It's from FormLoginConifgurer<HttpSecurity>
superclass AbstractAuthenticationFilterConfigurer
.
The article and the code uses Spring Boot 2 that uses Spring Security 5.7.8. Nonetheless both Spring Security 5.7.8 and 6.1 have that method.
HttpSecurity.exceptionHandling
didn't catch any InvalidBearerTokenException
. The Invalid bearer token on the Client side is matched to an AuthenticationFailureBadCredentialsEvent
. Therefore, HttpSecurity doesn't catch such an exception. The mapping for the exception, here