diff --git a/src/main/java/com/ard333/springbootwebfluxjjwt/security/AuthenticationManager.java b/src/main/java/com/ard333/springbootwebfluxjjwt/security/AuthenticationManager.java
index 74a7728..0a6c6ff 100644
--- a/src/main/java/com/ard333/springbootwebfluxjjwt/security/AuthenticationManager.java
+++ b/src/main/java/com/ard333/springbootwebfluxjjwt/security/AuthenticationManager.java
@@ -24,6 +24,7 @@ public class AuthenticationManager implements ReactiveAuthenticationManager {
 private JWTUtil jwtUtil;
 @Override
+ @SuppressWarnings("unchecked")
 public Mono authenticate(Authentication authentication) {
 String authToken = authentication.getCredentials().toString();
diff --git a/src/main/java/com/ard333/springbootwebfluxjjwt/security/WebSecurityConfig.java b/src/main/java/com/ard333/springbootwebfluxjjwt/security/WebSecurityConfig.java
index add99f4..5ea9ef0 100644
--- a/src/main/java/com/ard333/springbootwebfluxjjwt/security/WebSecurityConfig.java
+++ b/src/main/java/com/ard333/springbootwebfluxjjwt/security/WebSecurityConfig.java
@@ -3,11 +3,14 @@ package com.ard333.springbootwebfluxjjwt.security;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
 import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
 import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
 import org.springframework.security.config.web.server.ServerHttpSecurity;
 import org.springframework.security.web.server.SecurityWebFilterChain;
+import reactor.core.publisher.Mono;
+
 /**
 *
 * @author ard333
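Review bot: The `@SuppressWarnings("unchecked")` added in AuthenticationManager.java sits on the whole `authenticate` method, so every unchecked conversion in the token-validation path is silenced, including any introduced later. The method body continues outside the hunk, so the cast that triggers the warning is not visible here; if it is a single assignment (for example, reading a collection out of the token's claims), move the annotation onto that local declaration and add a comment such as `// safe: this claim is always written by our own issuer as a list of role names`. Checking the element types before turning them into authorities would remove the need for the suppression altogether.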
@@ -24,7 +27,18 @@ public class WebSecurityConfig {
 @Bean
 public SecurityWebFilterChain securitygWebFilterChain(ServerHttpSecurity http) {
- return http.csrf().disable()
+ return http
+ .exceptionHandling()
+ .authenticationEntryPoint((swe, e) -> {
+ return Mono.fromRunnable(() -> {
+ swe.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED);
+ });
+ }).accessDeniedHandler((swe, e) -> {
+ return Mono.fromRunnable(() -> {
+ swe.getResponse().setStatusCode(HttpStatus.FORBIDDEN);
+ });
+ }).and()
+ .csrf().disable()
 .formLogin().disable()
 .httpBasic().disable()
 .authenticationManager(authenticationManager)
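Review bot: Both handlers added to `securitygWebFilterChain` discard the exception `e`, so rejected tokens and denied requests leave no trace for detection or incident review; log the request path and the exception type before setting the status, without logging the credential itself. The 401 is also sent without a `WWW-Authenticate` challenge, which RFC 7235 requires on that status; assuming tokens arrive as Bearer credentials, add `swe.getResponse().getHeaders().set(HttpHeaders.WWW_AUTHENTICATE, "Bearer");` inside the first runnable. If only the status code is wanted, `new HttpStatusServerEntryPoint(HttpStatus.UNAUTHORIZED)` and `new HttpStatusServerAccessDeniedHandler(HttpStatus.FORBIDDEN)` replace the two nested block lambdas. The builder chain continues past the end of the hunk.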