We have a REST server (resource + authorization) based on Oauth2 by spring-security + spring web + jersey for our REST resources. Most of this is working out nicely, however when hitting /oauth/token in a username-password flow with bad credentials we don't just get a 400 (as would be correct by the spec) but an entire stacktrace as JSON in the response. I've searched and debugged and fumbled around but couldn't quite locate the culprit. Could this be a spring-security setting? or spring-web? or the servlet that mapps the resources using jersey?We have a REST server (resource + authorization