Describe the bug Since Spring Security 2.6.0 no error page is displayed when setting a context-path and defining a custom ExceptionEntryPoint. Also tested in Spring Security 2.7.0-SNAPSHOT.
To Reproduce
- Add error page e.g. error.html
- Configure a context path e.g. /example
- add .antMatchers("/error").permitAll()
- Configure a custom entrypoint that returns 401 when unauthenticated
- Goto a protected or non-existent url
- instead of the expected error.html page with 401 code, a white page with 401 is displayed
Expected behavior The 401 error page should be displayed.
The workaround to this problem is to either add the context-path explicitly e.g. antMatchers("/example/error").permitAll() or to downgrade to Spring Security 2.5.8
Sample https://github.com/duoduobingbing/springsecuritycontextpathbug-spring-boot-2.7.0-SNAPSHOT
Comment From: duoduobingbing
Closing this as it seems to have been fixed with Spring Security for Spring Boot 2.6.7