PIP-908 Tweak security config after switching to new spring-boot version 3.5.7

Author: QuyenLy87

src/main/java/org/ihtsdo/rvf/config/SecurityConfig.java

@@ -1,5 +1,6 @@
 package org.ihtsdo.rvf.config;
 
+import jakarta.servlet.http.HttpServletResponse;
 import org.ihtsdo.sso.integration.RequestHeaderAuthenticationDecorator;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -10,15 +11,12 @@
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.access.intercept.AuthorizationFilter;
 
-import static org.springframework.security.config.Customizer.withDefaults;
-
 @Configuration
 @EnableWebSecurity
 public class SecurityConfig {
 
 	@Bean
 	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-		http.httpBasic(withDefaults());
 		http.csrf(AbstractHttpConfigurer::disable);
 		http.sessionManagement(sessionManagement -> sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
 		http.addFilterBefore(new RequestHeaderAuthenticationDecorator(), AuthorizationFilter.class);
@@ -29,6 +27,18 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                 .permitAll()
                 .anyRequest().authenticated()
         );
+
+		// Configure exception handling to prevent Basic Auth popup
+		// Returns JSON response instead of triggering browser Basic Auth popup
+		http.exceptionHandling(exceptions -> exceptions
+				.authenticationEntryPoint((request, response, authException) -> {
+					response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+					response.setContentType("application/json;charset=UTF-8");
+					String message = authException.getMessage() != null ? authException.getMessage().replace("\"", "\\\"") : "Authentication required";
+					response.getWriter().write("{\"error\":\"Unauthorized\",\"message\":\"" + message + "\"}");
+				})
+		);
+
 		return http.build();
 	}
 }