respond with useful messages when security has blocked request

[pmarsh-scottlogic]

I.e. if bad username or password, include this in the response body, for the clients' sake

Make sure integration tests reflect this

[pmarsh-scottlogic]

Tried to do this for a couple of hours but ultimately gave up.

The important code is here (in ApplicationSecurity)

When an error occurs at the authentication stage, we call response.sendError which sets the response code and supposedly a message. https://stackoverflow.com/questions/1100869/how-to-properly-send-an-http-message-to-the-client

However, in my implementation, I set the return message to "CUSTOM MESSAGE", and put a console lod in the lambda function to make sure it was getting called, and yet there was no error message in the return (as far as I could see in Postman)

This GitHub Issue may ormay not have useful information spring-projects/spring-boot#1731

[pmarsh-scottlogic]

found that messages are hidden by default, you have to add server.error.include-message=always to application.properties

[pmarsh-scottlogic]

Unfortunately this ex object is set magically somewhere by spring, and I've not found an easy way to change it...