When a REST resource is protected by a SecurityFilterChain as an oauth2ResourceServer with jwt enabled and there is no security Bearer token provided, this is not reported as an AUTHENTICATION_FAILURE event by the ProviderManager.
Spring-boot version used: 2.7.11
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
    // @formatter:off
    return http.oauth2ResourceServer(oauth2 -> {
            oauth2.jwt();
        })
        .build();
    // @formatter:on
}
Comment From: wilkinsona
Publishing of authentication events is handled by Spring Security, which is managed as a separate project. https://github.com/spring-projects/spring-security/issues/10433 may be of interest, although I think it's discussing a more complex scenario.
Comment From: mancave
I will pop it on their queue. Only the logged-in events are populated, and when there is a token but it is invalid. But no token is also event-worthy, from an audit perspective.
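
An added example, not part of the thread and not Spring's own code: one way to record the no-token case from the application side is to wrap the bearer entry point and publish an audit event there. It assumes Spring Boot 2.7 (javax.servlet), the actuator on the classpath and an AuditEventRepository bean so that audit events are stored; the class names and the "anonymous" principal label are hypothetical.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.boot.actuate.audit.listener.AuditApplicationEvent;
import org.springframework.boot.actuate.security.AuthenticationAuditListener;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationEntryPoint;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class MissingTokenAuditConfig { // hypothetical class name

    // Wraps the default bearer entry point and emits an audit event before the 401 is written.
    static class AuditingEntryPoint implements AuthenticationEntryPoint {
        private final AuthenticationEntryPoint delegate = new BearerTokenAuthenticationEntryPoint();
        private final ApplicationEventPublisher publisher;

        AuditingEntryPoint(ApplicationEventPublisher publisher) { this.publisher = publisher; }

        @Override
        public void commence(HttpServletRequest request, HttpServletResponse response,
                AuthenticationException ex) throws IOException, ServletException {
            // An unauthenticated request to a protected URL arrives here as
            // InsufficientAuthenticationException; other failures are skipped
            // so that rejected tokens are not audited a second time.
            if (ex instanceof InsufficientAuthenticationException) {
                publisher.publishEvent(new AuditApplicationEvent("anonymous", // constructed label
                        AuthenticationAuditListener.AUTHENTICATION_FAILURE,
                        "type=" + ex.getClass().getName(),
                        "uri=" + request.getRequestURI(),
                        "remoteAddress=" + request.getRemoteAddr()));
            }
            delegate.commence(request, response, ex);
        }
    }

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http, ApplicationEventPublisher publisher)
            throws Exception {
        return http.authorizeHttpRequests(authorize -> authorize.anyRequest().authenticated())
            .oauth2ResourceServer(oauth2 -> oauth2
                .authenticationEntryPoint(new AuditingEntryPoint(publisher)).jwt())
            .build();
    }
}
```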