We have encountered an issue in our application related to our custom filter Authenticationfilter in the Spring Security filter chain. The problem arises when handling unauthorized requests, where a BadCredentialsException is thrown in the custom filter. Instead of receiving the expected BadCredentialsException 401 status code, we are encountering a 500 Internal Server Error.
Upon investigating, it appears that within the ServletInitialHandler and WebMvcMetricsFilter, the status code is being set to INTERNAL_SERVER_ERROR during certain scenarios. The following lines were identified as part of the issue:
- Inside ServletInitialHandler: exchange.setStatusCode(StatusCodes.INTERNAL_SERVER_ERROR);
- Inside WebMvcMetricsFilter: response.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value());
We are seeking assistance in understanding why both of these are explicitly setting StatusCodes.INTERNAL_SERVER_ERROR for all error types. Is this a bug?
Thanks in advance.
Comment From: bclozel
Please ask questions on StackOverflow. I think your first attempt was closed because instead of stating the problem (what are you trying to achieve, what are you doing, what result you are expecting, what result are you getting instead) with concrete code snippets, you are just sharing the current state of your investigation. This means that most of the context is missing for the community and we can't help you.
Can you try and ask a new question with this in mind? Please note that Spring Boot 2.7 is out of open source support so we won't be accepting bug reports on this generation anyway.
Thanks!