Bug (found during local sandbox bring-up)
Logging into the Data Custodian (admin/admin, dev) succeeds, but the post-login redirect to /custodian/home returns HTTP 401.
Root cause
web/custodian/CustodianHomeController has its @Controller annotation commented out (// @Controller - COMMENTED OUT: UI not needed in resource server), so /custodian/home has no handler → Spring returns 404 ("No mapping for GET /DataCustodian/custodian/home"). That 404 is re-dispatched to /error, which is evaluated by the resource-server filter chain (BearerTokenAuthenticationFilter) as an anonymous request → 401 (which is what the user sees).
The C2a login work set the form-login DEFAULT_SUCCESS_URL = /custodian/home (CustomerLoginSecurityConfiguration), but the landing controller was left disabled — an inconsistency. The view template templates/custodian/home.html already exists.
Log evidence
UsernamePasswordAuthenticationFilter - ... Username=admin ... Authenticated=true ... [ROLE_CUSTODIAN]
DefaultRedirectStrategy - Redirecting to /DataCustodian/custodian/home
PageNotFound - No mapping for GET /DataCustodian/custodian/home
AnonymousAuthenticationFilter - Set SecurityContextHolder to anonymous # /error re-dispatch -> 401
Fix
Re-enable @Controller on CustodianHomeController (template exists). Optionally verify the retail-customer landing (/RetailCustomer/{id}/home, customer/home.html) and the secondary /error-through-resource-server-chain behavior.
Surfaced alongside the sandbox bring-up fixes in #170.
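A log-triage sketch for the pattern described above, added here as an example and not part of the project's code: it flags any "No mapping" 404 that is followed shortly by an anonymous re-dispatch, since that is the case where the client sees 401 instead of 404. The sample log is constructed from the excerpt in this issue (elided fields replaced with placeholder text), and the function name and `window` parameter are assumptions.

```python
import re

# Constructed sample modelled on the log excerpt in this issue; the last
# line is an added contrast case (plain 404, no anonymous re-dispatch).
SAMPLE_LOG = """\
UsernamePasswordAuthenticationFilter - Authenticated user Username=admin Authenticated=true [ROLE_CUSTODIAN]
DefaultRedirectStrategy - Redirecting to /DataCustodian/custodian/home
PageNotFound - No mapping for GET /DataCustodian/custodian/home
AnonymousAuthenticationFilter - Set SecurityContextHolder to anonymous
PageNotFound - No mapping for GET /DataCustodian/favicon.ico
""".splitlines()

AUTH_OK = re.compile(r"UsernamePasswordAuthenticationFilter - .*Authenticated=true")
REDIRECT = re.compile(r"DefaultRedirectStrategy - Redirecting to (\S+)")
NO_MAPPING = re.compile(r"PageNotFound - No mapping for (\w+) (\S+)")
ANONYMOUS = re.compile(r"AnonymousAuthenticationFilter - Set SecurityContextHolder to anonymous")


def find_masked_404s(lines, window=5):
    """Return 'No mapping' events followed within `window` lines by an
    anonymous re-dispatch, i.e. a 404 the client will see as a 401."""
    findings = []
    authenticated = False
    last_redirect = None
    for i, line in enumerate(lines):
        if AUTH_OK.search(line):
            authenticated = True
        redirect = REDIRECT.search(line)
        if redirect:
            last_redirect = redirect.group(1)
        missing = NO_MAPPING.search(line)
        if not missing:
            continue
        method, path = missing.groups()
        following = lines[i + 1:i + 1 + window]
        if any(ANONYMOUS.search(nxt) for nxt in following):
            findings.append({
                "method": method,
                "path": path,
                # True when the missing handler is the post-login redirect target
                "post_login_target": authenticated and path == last_redirect,
            })
    return findings


if __name__ == "__main__":
    for f in find_masked_404s(SAMPLE_LOG):
        kind = "post-login landing page" if f["post_login_target"] else "request"
        print(f"{f['method']} {f['path']}: 404 (no handler) surfaced as 401 [{kind}]")
```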