Spring Security unexpected behavior for REST endpoints authentication?

Question

The scenario we are looking for is as follows:

1. client connects with REST to a REST login url
2. Spring microservice (using Spring Security) should return

Answer 1

You can implement your custom AuthenticationSuccessHandler and override method "onAuthenticationSuccess" to change the response status as per your need.

Example:

@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
        Authentication authentication) throws IOException, ServletException {
    ObjectMapper mapper = new ObjectMapper();
    Map tokenMap = new HashMap();
    tokenMap.put("token", accessToken.getToken());
    tokenMap.put("refreshToken", refreshToken.getToken());
    response.setStatus(HttpStatus.OK.value());
    response.setContentType(MediaType.APPLICATION_JSON_VALUE);
    mapper.writeValue(response.getWriter(), tokenMap);
}