Ok, I tried as suggested writing the json myself from the AuthenticationEntryPoint and it works.
Just for testing I changed the AutenticationEntryPoint by removing response.sendError
@Component("restAuthenticationEntryPoint")
public class RestAuthenticationEntryPoint implements AuthenticationEntryPoint{
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authenticationException) throws IOException, ServletException {
response.setContentType("application/json");
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
response.getOutputStream().println("{ \"error\": \"" + authenticationException.getMessage() + "\" }");
}
}
In this way you can send custom json data along with the 401 unauthorized even if you are using Spring Security AuthenticationEntryPoint.
Obviously you would not build the json as I did for testing purposes but you would serialize some class instance.
In Spring Boot, you should add it to http.authenticationEntryPoint() part of SecurityConfiguration file.