Spring security always returns HTTP 403

Question

I have configured a custom Filter that grants a spring authority for every URL other than /login :

public class TokenFilter impleme         


        

Answer 1

Getting a 403 instead of a 401 usually means that you were logged in but you are not permitted (via authority) to see a resource.

Debug and confirm that the user you are logging in has that authority (I know your code sets it, but maybe you are setting something else wrong).