I want my Spring application to allow only admins to access /user/* and /section/*.
The application is currently blocking requests made by other users, but as far as I understand I should get a 403 error. Instead I am getting a 401 Unauthorized as the response.
The following image is the screenshot.
Here is the code which should only allow admins:
    // Security filter chain from the question, wrapped in the @Bean method it belongs to
    // (method name assumed; the original post shows only the body)
    @Bean
    SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
        http.csrf().disable()
            // custom JWT filters placed around Spring Security's Basic auth filter
            .addFilterAfter(new JWTTokenGeneratorFilter(), BasicAuthenticationFilter.class)
            .addFilterBefore(new JWTTokenValidatorFilter(), BasicAuthenticationFilter.class)
            .authorizeHttpRequests((requests) -> requests
                // only principals holding the ROLE_ADMIN authority may reach these paths
                .requestMatchers("/section/*", "/user/*").hasRole("ADMIN")
                .requestMatchers("/auth/*").authenticated())
            .formLogin(Customizer.withDefaults())
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }
Please help me understand if this behaviour is correct. I seem to be getting a 401 error for all exceptions thrown in my application.
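The example below is added here and is not part of the question; it is a Spring Security 6 configuration, written from scratch, that makes the 401/403 split visible by wiring the two handlers Spring Security consults in ExceptionTranslationFilter. A request that reaches a protected endpoint without an authenticated principal in the SecurityContext (for instance because the JWT validator filter found no valid token and left the context empty) goes to the AuthenticationEntryPoint, which answers 401; a request whose principal is authenticated but does not hold ROLE_ADMIN goes to the AccessDeniedHandler, which answers 403. The class and method names, the JSON bodies and the `/**` patterns (which also cover nested paths such as /user/5/orders, unlike the single-segment `*` in the question) are my choices; JWTTokenGeneratorFilter and JWTTokenValidatorFilter are assumed to be the question's own classes on the classpath. For the 403 branch to be reached at all, the validator filter must populate the SecurityContext with an Authentication whose authorities include the literal string ROLE_ADMIN for admins, because hasRole("ADMIN") adds the ROLE_ prefix itself.

```java
package example.security; // hypothetical package name, not from the question

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

@Configuration
@EnableWebSecurity
public class StatusAwareSecurityConfig {

    // Called by ExceptionTranslationFilter when no authenticated principal is present:
    // the client still has to authenticate, so the correct answer is 401.
    private static AuthenticationEntryPoint unauthenticatedEntryPoint() {
        return (request, response, authException) -> {
            response.setStatus(HttpStatus.UNAUTHORIZED.value());
            response.setContentType(MediaType.APPLICATION_JSON_VALUE);
            response.getWriter().write("{\"error\":\"unauthenticated\",\"path\":\""
                    + request.getRequestURI() + "\"}");
        };
    }

    // Called when the principal IS authenticated but lacks the required authority
    // (here ROLE_ADMIN): the identity is known, the action is not allowed, so 403.
    private static AccessDeniedHandler forbiddenHandler() {
        return (request, response, deniedException) -> {
            response.setStatus(HttpStatus.FORBIDDEN.value());
            response.setContentType(MediaType.APPLICATION_JSON_VALUE);
            String principal = request.getUserPrincipal() == null
                    ? "anonymous" : request.getUserPrincipal().getName();
            response.getWriter().write("{\"error\":\"forbidden\",\"principal\":\""
                    + principal + "\",\"path\":\"" + request.getRequestURI() + "\"}");
        };
    }

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.csrf(csrf -> csrf.disable()) // lambda form of the deprecated csrf().disable()
            // the question's JWT filters, assumed to exist in the application
            .addFilterAfter(new JWTTokenGeneratorFilter(), BasicAuthenticationFilter.class)
            .addFilterBefore(new JWTTokenValidatorFilter(), BasicAuthenticationFilter.class)
            .authorizeHttpRequests(requests -> requests
                // "/**" matches any depth below the prefix; "/*" matches one segment only
                .requestMatchers("/section/**", "/user/**").hasRole("ADMIN")
                .requestMatchers("/auth/**").authenticated()
                // explicit default so unmatched paths are never silently open
                .anyRequest().authenticated())
            // explicit handlers make the 401-vs-403 decision observable and testable;
            // an explicitly set entry point takes precedence over the one httpBasic registers
            .exceptionHandling(ex -> ex
                .authenticationEntryPoint(unauthenticatedEntryPoint())
                .accessDeniedHandler(forbiddenHandler()))
            .formLogin(Customizer.withDefaults())
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }
}
```

A quick way to tell the two cases apart while debugging is to look at which handler produced the response body: "unauthenticated" means the SecurityContext was empty when the request hit the authorization filter, which points at the JWT validator filter not setting an Authentication, whereas "forbidden" with a named principal means authentication worked and only the ROLE_ADMIN check failed.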
