With Spring Boot 1.5.6.RELEASE I was able to send HTTP Status code 401 instead of 403 as described in How let spring security response unauthorized(http 401 code) if requesting uri without authentication, by doing this: using the org.springframework.boot.autoconfigure.security.Http401AuthenticationEntryPoint …