Spring-security: Spring security 5 "Bad credentials" exception not shown with errorDetails

Solved by myself. In Spring Security 5.0 necessary to permit all access to /error endpoint, for all http methods

Hello, I have same problem, Could you explain that how are solve that in detail

Hi!
Actually it's Spring Boot 2 related issue, so i close it here.
I meet this problem twice.
First time i solved it by adding
.antMatchers("/error").permitAll()
Sometime later new Spring Boot 2 milestone broke it again. and second time it was broken completely. I make workaround then, but it was worst solution even i did. I'd intercept Spring Boot error controller and replace error in response.

Thanks. Your workaround works for me.

Actually, this was a proactive decision in the 2.x release of Boot, though I think we should do a better job of explaining the rationale (for which I've just logged a ticket to the Boot team).

The ticket also includes some of the reasoning, too, but I'll briefly summarize here:

• Spring Security secures all endpoints by default. (You can see this is the case by looking at the default implementation of configure in WebSecurityConfigurerAdapter). It was surprising (and less secure) that somehow /error wasn't included in the set of "all endpoints".
• And the way that Spring Boot excluded /error from Spring Security was actually to bypass the filter chain altogether, meaning that secure headers, https redirect, and other important security protections were not invoked.

So, actually, yes, if you want the Spring Boot /error page to be permitted, then it is more secure for you to declaratively say so. This makes it clear in your app what security allowances you are making.

HI

I recently did upgrade of spring boot 2.1.7 and suddently I was not getting any error message ..I found some idea with this issue
so to fix this ..i have given this
antMatchers("/error").permitAll()
but now I m getting the error message but message are coming different
so previously before upgrade when i was putting wrong username/pwd ...the response was
{
"timestamp": 1571049553776,
"status": 401,
"error": "Unauthorized",
"message": "Authentication Failed: {\"errorCode\":\"52e\",\"adminMail\":\"System Administrator\",\"role\":[]}",
"path": "/login/auth"
}
and now after upgrade,this is the response
{
"timestamp": "2019-10-14T10:40:37.651+0000",
"status": 401,
"error": "Unauthorized",
"message": "Unauthorized",
"path": "/login/auth"
}

Let me know if somebody can help me for this

HI

I recently did upgrade of spring boot 2.1.7 and suddently I was not getting any error message ..I found some idea with this issue
so to fix this ..i have given this
antMatchers("/error").permitAll()
but now I m getting the error message but message are coming different
so previously before upgrade when i was putting wrong username/pwd ...the response was
{
"timestamp": 1571049553776,
"status": 401,
"error": "Unauthorized",
"message": "Authentication Failed: {"errorCode":"52e","adminMail":"System Administrator","role":[]}",
"path": "/login/auth"
}
and now after upgrade,this is the response
{
"timestamp": "2019-10-14T10:40:37.651+0000",
"status": 401,
"error": "Unauthorized",
"message": "Unauthorized",
"path": "/login/auth"
}

Let me know if somebody can help me for this

I have the same issue, did you find a solution?

HI
I recently did upgrade of spring boot 2.1.7 and suddently I was not getting any error message ..I found some idea with this issue
so to fix this ..i have given this
antMatchers("/error").permitAll()
but now I m getting the error message but message are coming different
so previously before upgrade when i was putting wrong username/pwd ...the response was
{
"timestamp": 1571049553776,
"status": 401,
"error": "Unauthorized",
"message": "Authentication Failed: {"errorCode":"52e","adminMail":"System Administrator","role":[]}",
"path": "/login/auth"
}
and now after upgrade,this is the response
{
"timestamp": "2019-10-14T10:40:37.651+0000",
"status": 401,
"error": "Unauthorized",
"message": "Unauthorized",
"path": "/login/auth"
}
Let me know if somebody can help me for this

I have the same issue, did you find a solution?

No ..
I am still trying to find the solution

HI
I recently did upgrade of spring boot 2.1.7 and suddently I was not getting any error message ..I found some idea with this issue
so to fix this ..i have given this
antMatchers("/error").permitAll()
but now I m getting the error message but message are coming different
so previously before upgrade when i was putting wrong username/pwd ...the response was
{
"timestamp": 1571049553776,
"status": 401,
"error": "Unauthorized",
"message": "Authentication Failed: {"errorCode":"52e","adminMail":"System Administrator","role":[]}",
"path": "/login/auth"
}
and now after upgrade,this is the response
{
"timestamp": "2019-10-14T10:40:37.651+0000",
"status": 401,
"error": "Unauthorized",
"message": "Unauthorized",
"path": "/login/auth"
}
Let me know if somebody can help me for this

I have the same issue, did you find a solution?

HI
I wrote a customefailure handler and with that it worked

How did you do that? I tried but exceptions are still coming out in the same manner