From af04047a7626c1d7d76b8c80d8329f9c542025d1 Mon Sep 17 00:00:00 2001
From: Daniel Shiplett
Date: Mon, 21 Apr 2025 14:58:39 -0400
Subject: [PATCH] Example test showing the minimalist response to an empty Authorization header
---
 .../web/server/OAuth2ResourceServerSpecTests.java | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
index bf31b46d33b..038630723e5 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
@@ -178,6 +178,19 @@ public void getWhenExpiredThenReturnsInvalidToken() {
 // @formatter:on
 }
 
+ @Test
+ public void getWhenBearerMissingInvalidToken() {
+ this.spring.register(PublicKeyConfig.class).autowire();
+ // @formatter:off
+ this.client.get()
+ .headers((headers) -> headers
+ .set("Authorization", ""))
+ .exchange()
+ .expectStatus().isUnauthorized()
+ .expectHeader().value(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer error=\"missing_token\""));
+ // @formatter:on
+ }
+
 @Test
 public void getWhenUnsignedThenReturnsInvalidToken() {
 this.spring.register(PublicKeyConfig.class).autowire();
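Review bot: The final `expectHeader()` assertion in `getWhenBearerMissingInvalidToken` expects `error="missing_token"`, which is not one of the error codes RFC 6750 defines (`invalid_request`, `invalid_token`, `insufficient_scope`); section 3.1 of that RFC also says a request carrying no authentication information should receive a challenge without an error code. If the "minimalist response" in the commit subject means the bare `Bearer` challenge, this test presumably fails as written and so pins no behaviour; it should either assert the bare challenge or be marked as a known-failing reproduction. The method name says `InvalidToken` while the body checks a missing-credentials case, and it drops the `getWhen…Then…` pattern of its two visible neighbours; `getWhenEmptyAuthorizationHeaderThenUnauthorized` would read consistently. I would also add a comment above the request such as `// empty Authorization header: treated as "no credentials", not as a malformed bearer token`, because the two readings map to different challenges and the test should state which one it locks in.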