kpur-sbab

https://github.com/spring-projects/spring-security/issues/14725#issuecomment-2755163142

Great thanks. We are doing this as a temporary fix for DW 4.x ``` prometheusRegistry.register(new DropwizardExports(environment.metrics(), (name, metric) -> !(metric instanceof Timer) || !name.matches(".*[._]total.*"))); environment.admin() .addServlet("prometheusMetrics", new PrometheusMetricsServlet(prometheusRegistry)) .addMapping("/prometheusMetrics"); ```

> This is still under consideration as the best practices document is still in draft. > > The idiomatic way to customize how the token is resolved is by [publishing...

`if (!AuthenticationServiceException.class.isAssignableFrom(exception.getClass())) { this.authenticationEntryPoint.commence(request, response, exception); return; }` In `AuthenticationEntryPointFailureHandler` could be the cause

Handling it like this for now, ``` oauth2.withObjectPostProcessor(new ObjectPostProcessor() { @Override public O postProcess(O object) { AuthenticationEntryPointFailureHandler authenticationEntryPointFailureHandler = new AuthenticationEntryPointFailureHandler(problemJsonAuthenticationEntryPoint); authenticationEntryPointFailureHandler.setRethrowAuthenticationServiceException(false); object.setAuthenticationFailureHandler(authenticationEntryPointFailureHandler); return object; } }) ```

Hi @jgrandja , What do you think about this? I could understand AuthenticationServiceException is more for any DB or API failure during authentication process but throwing in JwtAuthenticationProvider might not...

@jzheaux Thanks for responding. Yes thats my intention to unify the response for any errors happening on the filter chain, it would be 401/403 instead of 500s. In our case...

Yes for Spring boot 3.5.x it works but when we tried with milestone release from Spring boot for v4 the scheduler did not do the autoconfiguration

@kagkarlsson Thanks a lot for addressing this. Very much appreciated