Spring Security GET /login? responds with 405

Hello, I have found a weird behaviour that I cannot explain:

in case of missing auth, the request gets forwarded to /login.

So after login, the SavedRequest uses the cached uri it forwards to the previously called page which appends "?continue" to the request uri.

After the session expired, I refresh the page and it says 405 Method GET not allowed /login.

I tried a bit, and it seems that the only accepted query string is ?error or no query string at all, otherwise response status code is 405.

This makes me think that the issue is coming from the generated login page.

To solve this issue, I use a LoginPageFilter and in doFilter-Method I have the following code:

        if (req.getQueryString() != null && (!req.getQueryString().equals("error"))) {
                HttpServletRequestWrapper wrappedRequest = new HttpServletRequestWrapper(req) {
                    @Override
                    public String getQueryString() {
                        return null;
                    }
                };
                RequestDispatcher dispatcher = wrappedRequest.getRequestDispatcher("/login");
                dispatcher.forward(wrappedRequest, res);
        }

I think something like this could be included in the default login page to prevent the issue? Or maybe it is caused by something else in the code which I could not determine.

I get the right status code now but the redirect checker from this service: [https://www.whatsmydns.net/ still shows 405 response.

Comment From: sjohnr

Thanks for getting in touch, but it feels like this is a question that would be better suited to Stack Overflow. We prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add a minimal sample that reproduces this issue if you feel this is a genuine bug.