/** * Configuring authentication. */ protected void login(HttpSecurity http) throws Exception { http .formLogin() // form login .loginPage(loginPage()) /****************************************** * Setting a successUrl would redirect the user there. Instead, * let's send 200 and the userDto along with an Authorization token. *****************************************/ .successHandler(authenticationSuccessHandler) /******************************************* * Setting the failureUrl will redirect the user to * that url if login fails. Instead, we need to send * 401. So, let's set failureHandler instead. *******************************************/ .failureHandler(new SimpleUrlAuthenticationFailureHandler()); }