Spring Security Tying BasicAuthenticationEntryPoint into an existing ResponseEntityExceptionHandler for auth exceptions

Summary

I'm following docs/articles for configuring a HttpSecurity (from inside my WebSecurityConfigurerAdapter#configure impl) with an authentication entry point. I'd like to create my own BasicAuthenticationEntryPoin but in all the examples I see, the BasicAuthenticationEntryPoint#commence method is responsible for writing HTTP response bodies in the event that auth fails.

My problems is that I'm already implementing & using the standard Spring ResponseEntityExceptionHandler for handling errors and mapping them to HTTP responses. I'd like to handle auth errors from inside this exception handler...is this possible? If so, how?

Version

Using Gradle coordinates org.springframework.boot:spring-boot-starter-security.

Comment From: eleftherias

The ResponseEntityExceptionHandler will not handle security exceptions because they are thrown from inside a Filter before the request reaches the Servlet. There are a few diagrams describing the Servlet architecture in the architecture section of the Spring Security reference documentation.

You can find additional explanations and workarounds on StackOverflow. A few posts that may be relevant: - https://stackoverflow.com/questions/41140669/handle-security-exceptions-in-spring-boot-resource-server - https://stackoverflow.com/questions/19767267/handle-spring-security-authentication-exceptions-with-exceptionhandler