Describe the bug 1) I am getting 401 instead of 500 in the response; but getting 200 OK for other requests as described in the 'To Reproduce' section. I am also getting IndexOutOfBoundException in the console log but getting 401 in the response. Sample code is also attached below in the 'Sample' section.

To Reproduce Request sent using postman with payload as:

1) When i send the request with payload as

[ { "contactId": "SR752848216", "contactName": "Test5", "contactEmail": "adfa@gmail.com", "subject": "fjksalf", "message": "lkjl", "createDt": "2023-02-18" }, { "contactId": "SR751247216", "contactName": "Test", "contactEmail": "adfa@gmail.com", "subject": "fjksalf", "message": "lkjl", "createDt": "2023-02-18" } ]

I got 200 OK with response as

[ { "contactId": "SR642542676", "contactName": "Test5", "contactEmail": "adfa@gmail.com", "subject": "fjksalf", "message": "lkjl", "createDt": "2023-02-18" } ] which is as what i expected in this scenario.

2) But with the request payload as below,

[ { "contactId": "SR751247216", "contactName": "Test", "contactEmail": "adfa@gmail.com", "subject": "fjksalf", "message": "lkjl", "createDt": "2023-02-18" } ]

I got 401 response but in the spring boot project console log, i see java.lang.IndexOutOfBoundsException: Index 0 out of bounds for length 0. I am expecting 500 error but i am getting 401 instead.

Expected behavior Expecting 500 internal server error.

Sample Maven dependencies used org.springframework.boot spring-boot-starter-parent 3.0.2 org.springframework.boot spring-boot-starter-security Codebase @PreFilter("filterObject.contactName != 'Test'") public List saveContactInquiryDetails(@RequestBody List contacts) { // need to handle empty contacts scenario otherwise we will get IndexOutOfBoundsException. Expecting 500 error but // getting 401 Contact contact = contacts.get(0); contact.setContactId(getServiceReqNumber()); contact.setCreateDt(new Date(System.currentTimeMillis())); contact = contactRepository.save(contact); List returnContacts = new ArrayList<>(); returnContacts.add(contact); return returnContacts; }

Comment From: jzheaux

Hi, @horijon, thanks for reaching out. I'm not able to reproduce the issue with the information you described. Are you able to provide a minimal sample that reproduces the issue?

Comment From: horijon

Hello @jzheaux , Please find the codebase at https://github.com/eazybytes/springsecurity6/blob/main/section_13/springsecsection_13/src/main/java/com/eazybytes/controller/ContactController.java

And change @PostFilter("filterObject.contactName != 'Test'") to @PreFilter("filterObject.contactName != 'Test'") in saveContactInquiryDetails method inside ContactContoller class. Now, we can replicate the issue.

I apologize for any misunderstanding that may have occurred. we need to change the PostFilter to PreFilter, updated the code snippet in the previous comment from annotation PostFilter to PreFilter.

Comment From: jzheaux

@horijon thanks for the link. However, I'm sorry I won't be able to sift through all that code. I appreciate that you have sent a link that highlights where you are experiencing the issue, but without less noise, there are too many possibilities for me to sift through and be an effective support to you.

Please take a moment to create a minimal, reproducable sample.. Once you have done that, then it's much easier to see if there is a bug that Spring Security needs fixing.

After creating your minimal sample, if you conclude that Spring Security has a bug, then please update this ticket with that sample. Otherwise, please post the sample to StackOverflow and update this ticket with a link to your question.

Comment From: spring-projects-issues

If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.

Comment From: spring-projects-issues

Closing due to lack of requested feedback. If you would like us to look at this issue, please provide the requested information and we will re-open the issue.