Given that i have security config ::

I have an application for which my users require an access authority to use the application. As such I did the following:

In my application I have implemented custom otp authentication. It was working correctly with Spring Security 5 but after updating to boot3 and Spring Security 6 it stopped working. Authentication is working just fine but it seems that the authenticated object is not stored in context and subsequent requests responds with 401.

I have this old code:

Article used to implement auth

I want to achieve the following with Spring security:

I have a multilingual login form. The multilanguage is handled by a custom LocaleInterceptor. The language is the first part of the RequestURI:: /{lang}/foo/bar

import java.util.Optional; import org.springframework.data.jpa.repository.JpaRepository; import com.example.secure.models.User; public interface UserRepository extends JpaRepository<User,Integer>{ Optional<User> findAppUserByUsername(String username); } import com.example.secure.repository.UserRepository; import com.example.secure.models.User; import org.springframework.stereotype.Service; @Service public class UserDetailsServiceImpl implements UserDetailsService { private final UserRepository appUserRepository; public UserDetailsServiceImpl(UserRepository appUserRepository) { this.appUserRepository = appUserRepository; } @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { User user = appUserRepository .findAppUserByUsername(username) .orElseThrow(() -> […]

I’m trying to create an SSO server that does the authorization code login flow. I’m using spring security 6 from this library

For a known error, my API calls are being repeated twice by Spring Security. However, I do not understand why the second API call is considered authenticated.