Spring Boot OAuth2 ResourceServer 401 with PermitAll

The setup is like this: as the authentication server I have Keycloak; as the API gateway I use spring-cloud-gateway with the Netflix Eureka client as DiscoveryClient. Of course I need user management: a "simple" register for unauthenticated people, and registering people as users with the admin role. The WebSecurityConfig of the resource server (Usermanagementservice) looks like this:

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;

@Configuration
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Map the roles carried in the Keycloak JWT to Spring authorities.
        // KeycloakRoleConverter is the poster's own class and is not shown on this page.
        JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter();
        jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(new KeycloakRoleConverter());

        http
            .authorizeRequests()
                // Matchers are evaluated in order: registration is open to anyone,
                // the service API needs one of the listed roles, everything else needs a valid token.
                .antMatchers("/register/**").permitAll()
                // hasAnyRole() prepends "ROLE_", so the converter must emit "ROLE_admin" for this to match.
                .antMatchers("/usermanagementservice/**").hasAnyRole("admin", "anotherrole")
                .anyRequest().authenticated()
            .and()
            // Accept "Authorization: Bearer <jwt>" and validate it against the configured issuer (Keycloak).
            .oauth2ResourceServer()
                .jwt()
                .jwtAuthenticationConverter(jwtAuthenticationConverter);
    }
}

The RegisterController looks like this:

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/register")
public class RegisterController {

    // Service, User and Response are the poster's own types; they are not shown on this page.
    @Autowired
    private Service service;

    // GET /register/status: reachable without a token, works as expected.
    @GetMapping("/status")
    public boolean checkStatus() {
        return true;
    }

    // POST /register/create: also under /register/**, yet answers 401 (see the question below).
    @PostMapping("/create")
    public Response createUser(@RequestBody User user) {
        return service.doSomething(user);
    }

}

So if everything is running and I make a GET request to my API gateway on localhost:8083/register/status, I get the boolean back as the response; if I send a POST request to the gateway with a JSON object, I get a 401 Unauthorized. I added the @Order(1) annotation to the WebSecurityConfig; nothing changed, like here. I tried and read this, that and this one, and not to forget that one. But no luck at all. :( Any help would be appreciated. Thank you very much in advance. :)

Hugo asked Nov 04 '25 18:11

1 Answer

http
    .csrf().disable()

was the missing piece in the configure method of WebSecurityConfig. Thank you very much @jzheaux for guiding.

Hugo answered Nov 07 '25 15:11

