Hi! I am developing an application under groovy using the acegi security plugin for user authentication.
I want to return HTTP Error 403 in case the authentification fails (user not found, password doesn't match, etc). Following the documentation it should be enough to set under the DefaultSecurityConfig.groovy errorPage to null (errorPage='null').
Textually from that file:
/** accessDeniedHandler
* set errorPage to null, if you want to get error code 403 (FORBIDDEN).
*/
I did this but unfortunately the system has the same behaviour, that is, the login page is shown again with some error message and the Status is 200 OK. I've also set errorPage='null' under SecurityConfig.groovy but nothing has happened.
Moreover, I've set errorPage to a non-existent page but the behaviour is still the same.
Any hint which changes must be done in order to have error 403 as returning status?