Example test showing the minimalist response to an empty Authorization header

danielshiplett · danielshiplett · commit af04047a7626 · 2025-04-21T14:58:39.000-04:00
diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
@@ -178,6 +178,19 @@ public void getWhenExpiredThenReturnsInvalidToken() {
 		// @formatter:on
 	}
 
+	@Test
+	public void getWhenBearerMissingInvalidToken() {
+		this.spring.register(PublicKeyConfig.class).autowire();
+		// @formatter:off
+		this.client.get()
+				.headers((headers) -> headers
+						.set("Authorization", ""))
+				.exchange()
+				.expectStatus().isUnauthorized()
+				.expectHeader().value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"missing_token\""));
+		// @formatter:on
+	}
+
 	@Test
 	public void getWhenUnsignedThenReturnsInvalidToken() {
 		this.spring.register(PublicKeyConfig.class).autowire();
