These are chat archives for alvarosanchez/spring-security-rest

Nov 2014
Nov 30 2014 14:01

Version 1.4.1.RC2, due to implementation of 'Major overhaul to be less aggressive when handling bearer tokens', RestTokenValidationFilterSpec.groovy now returns 403 instead of 401 for requests where 'X-Auth-Token' header is missing or empty.

This is a breaking change for my single page application where I key off the 401 to show the login page.
@alvarosanchez - Was this change intentional as I didn't see any notes about it in the documentation.

As a developer having the 401 was immensely valuable to me.