Guide to configuring Spring Security to return HTTP status 401 instead of the default 403 when an authentication error occurs. This change ensures that the status code conveys the correct meaning to the client: HTTP 403 Forbidden indicates the client is authenticated but does not have permission to access the requested resource, whereas HTTP 401 Unauthorized indicates the client provided invalid credentials (is not authenticated).