diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPoint.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPoint.java
index d266e55efc..087023c13d 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPoint.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPoint.java
@@ -58,14 +58,16 @@ public final class BearerTokenServerAuthenticationEntryPoint implements
 @Override
 public Mono commence(ServerWebExchange exchange, AuthenticationException authException) {
- HttpStatus status = getStatus(authException);
+ return Mono.defer(() -> {
+ HttpStatus status = getStatus(authException);
- Map parameters = createParameters(authException);
- String wwwAuthenticate = computeWWWAuthenticateHeaderValue(parameters);
- ServerHttpResponse response = exchange.getResponse();
- response.getHeaders().set(HttpHeaders.WWW_AUTHENTICATE, wwwAuthenticate);
- response.setStatusCode(status);
- return response.setComplete();
+ Map parameters = createParameters(authException);
+ String wwwAuthenticate = computeWWWAuthenticateHeaderValue(parameters);
+ ServerHttpResponse response = exchange.getResponse();
+ response.getHeaders().set(HttpHeaders.WWW_AUTHENTICATE, wwwAuthenticate);
+ response.setStatusCode(status);
+ return response.setComplete();
+ });
 }
 private Map createParameters(AuthenticationException authException) {
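Review bot: `commence` now has no effect until the returned Mono is subscribed, and nothing at the `return Mono.defer(() -> {` line tells a caller that dropping the result means no status and no `WWW-Authenticate` challenge is ever written. A one-line comment there would make the contract explicit, for example `// Deferred: the response is only modified on subscription, so callers must return or subscribe to this Mono.` Separately, `response.setStatusCode(status)` returns a boolean that is ignored inside the lambda. If the response can already be committed when the subscription happens (not visible from this hunk), the error status would be skipped silently, so it may be worth checking or logging that result.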
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPointTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPointTests.java
index cb60fd0131..0eb7825140 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPointTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPointTests.java
@@ -91,6 +91,14 @@ public class BearerTokenServerAuthenticationEntryPointTests {
 assertThat(getResponse().getStatusCode()).isEqualTo(HttpStatus.BAD_REQUEST);
 }
+ @Test
+ public void commenceWhenNoSubscriberThenNothingHappens() {
+ this.entryPoint.commence(this.exchange, new BadCredentialsException(""));
+
+ assertThat(getResponse().getHeaders()).isEmpty();
+ assertThat(getResponse().getStatusCode()).isNull();
+ }
+
 private MockServerHttpResponse getResponse() {
 return this.exchange.getResponse();
 }
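Review bot: `commenceWhenNoSubscriberThenNothingHappens` asserts on headers and status but not on whether the response stayed uncommitted, which is what an eager `setComplete()` would change. Adding `assertThat(getResponse().isCommitted()).isFalse();` after the two existing assertions would pin that property as well. The Mono returned by `commence` is dropped on purpose, so a short comment such as `// intentionally not subscribed` on that call would keep a later cleanup from appending `.block()` and inverting the test. The test class itself starts outside the hunk.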