Spring boot 3.2.5 @Preauthorize gives forbidden #40496
Comments
Thanks for the report. I suspect that this isn't caused by Spring Boot itself but, most likely, by a change in Spring Security. That said, it's hard to be certain as we don't have the full picture here. For example, you haven't shown the code where you're using If you would like us to spend some more time investigating, please spend some time providing a complete yet minimal sample that reproduces the problem. You can share it with us by pushing it to a separate repository on GitHub or by zipping it up and attaching it to this issue.
If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.
Closing due to lack of requested feedback. If you would like us to look at this issue, please provide the requested information and we will re-open the issue.
Hi Team,
After upgrading to Spring Boot 3.2.5, the methods annotated with @PreAuthorize("isAuthenticated()") start throwing a Forbidden error. If I simply downgrade to 3.2.4 then everything works normally.
My Security class looks like below.
AuthenticationManager and SecurityContextRepository have the logic for token validation, which takes the token from the Authorization header and creates a UsernamePasswordAuthenticationToken.
Also, in 3.2.5, if we remove the @PreAuthorize then I am able to access the Principal and Credentials from the ReactiveSecurityContextHolder.getContext() after passing the Authorization in the header.
And simply downgrading to 3.2.4, everything works fine.