A custom AuthenticationEntryPoint can be used to set necessary response headers, content-type, and so on before sending the response back to the client.
The org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint class is a built-in AuthenticationEntryPoint implementation, which will get invoked for basic authentication to commence. A custom entry point can be created by implementing the org.springframework.security.web.AuthenticationEntryPoint interface. The following is an example implementation:
@Component
public final class CustomAuthenticationEntryPoint implements
AuthenticationEntryPoint {
@Override
public void commence(final HttpServletRequest request, final
HttpServletResponse response, final AuthenticationException
authException) throws IOException...