When (Reactive)AuthenticationManager throws or resolves to an AuthenticationServiceException, Authentication(Web)Filter should instead return a 500 HTTP response.

Comment From: Kehrlann

Hey there 👋 I'm interested in picking this one up.

Comment From: Kehrlann

Hey @jzheaux, a few questions regarding this.

Here's my interpretation of the story (for AuthenticationFilter):

When the user does not override the failureHandler

When the AuthenticationManager throws an AuthenticationServiceException; then the exception is re-thrown, ultimately producing an HTTP 500

When the user provides a custom failureHandler

When the AuthenticationManager throws an AuthenticationServiceException; that exception is passed to the user's failureHandler and processed by that


Let me know if I'm missing something.
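
An added example, not part of the thread and not Spring Security's own code: a sketch of the "custom failureHandler" case from the interpretation above, in which the handler itself separates a backend failure (AuthenticationServiceException) from a credential failure. The class name `ServiceErrorAwareFailureHandler` is hypothetical, and the `jakarta.servlet` imports assume a Spring Security version built on Jakarta Servlet (older versions use `javax.servlet`).

```java
import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;

import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;

// Hypothetical handler for illustration; the class name is an assumption.
public class ServiceErrorAwareFailureHandler implements AuthenticationFailureHandler {

    private static final Logger LOG =
            Logger.getLogger(ServiceErrorAwareFailureHandler.class.getName());

    @Override
    public void onAuthenticationFailure(HttpServletRequest request,
            HttpServletResponse response, AuthenticationException exception)
            throws IOException, ServletException {
        if (exception instanceof AuthenticationServiceException) {
            // The authentication backend failed (for example, the user store
            // was unreachable). This is a server fault, not bad credentials,
            // so answer 500 rather than 401.
            // Keep the details in the server log; the exception message may
            // describe internal systems and should not reach the client.
            LOG.log(Level.SEVERE, "Authentication backend failure", exception);
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
                    "Authentication service unavailable");
            return;
        }
        // Every other AuthenticationException is treated as a failed
        // authentication attempt by the caller.
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
                "Authentication failed");
    }
}
```

Such a handler would be registered through the filter's `setFailureHandler(...)`; returning 500 for backend failures keeps outages from being counted as failed logins in monitoring and lockout logic.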