We have encountered an issue in our application related to the custom filter Authenticationfilter in the Spring Security filter chain. The problem arises when handling unauthorized requests, where a BadCredentialsException is thrown in the custom filter. Instead of receiving the expected BadCredentialsException 401 status code, we are encountering a 500 Internal Server Error.
Upon investigating, it appears that within the ServletInitialHandler and WebMvcMetricsFilter, the status code is being set to INTERNAL_SERVER_ERROR during certain scenarios. The following lines were identified as part of the issue:
- Inside ServletInitialHandler: exchange.setStatusCode(StatusCodes.INTERNAL_SERVER_ERROR);
- Inside WebMvcMetricsFilter: response.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value());
We are seeking assistance in understanding whether this behavior is rooted in internal Spring filters or if there is a potential oversight on our part. We would greatly appreciate any insights or guidance on how to resolve and overcome this issue.