I have implemented a spring boot project with JWT authentication. I want to have two endpoint which any body can access (“auth”,”images”), while protecting all the other endpoints. The problem is the server always return Forbidden status (403) instead of Unauthorized (401), when a client send a request without a valid token to a protected endpoint. Also beside status 403 the response won’t provide any message.