http.authorizeHttpRequests((authorize) -> authorize.requestMatchers( "/websocket/**").permitAll()); Not working #14971

Closed
charankavuri opened this issue Apr 26, 2024 · 3 comments


charankavuri commented Apr 26, 2024

Describe the bug

When adding the websocket or any requestMatcher as an exception (white listing) in the SecurityFilterChain, the /websocket or the OPTIONS call returns a 401. This issue has occurred after migrating to Spring Boot 3 and changing antMatchers to requestMatchers.

@Bean
SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
    // Register one authentication manager per configured issuer
    // (addManager, authenticationManagers and issuerUris are defined elsewhere in the reporter's class, not shown)
    for (String issuerUri : issuerUris) {
        addManager(authenticationManagers, issuerUri);
    }
    // Selects the authentication manager based on the issuer of the incoming JWT
    var authenticationManagerResolver = new JwtIssuerAuthenticationManagerResolver(authenticationManagers::get);

    http
        .csrf(AbstractHttpConfigurer::disable) // deepcode ignore DisablesCSRFProtection: This is a stateless service so CSRF is not possible, and we don't want to introduce a CSRF token just to have one.
        .sessionManagement(sessionManagement -> sessionManagement.sessionCreationPolicy(STATELESS))
        .headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::deny))
        .oauth2ResourceServer(oauth2 -> oauth2
            .authenticationManagerResolver(authenticationManagerResolver)
        )
        .authorizeHttpRequests(authorize -> authorize
            // Rules are evaluated in declaration order; the first match wins
            .requestMatchers( "/websocket/**").permitAll()
            .requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
            .anyRequest().authenticated()
        )
        // Second oauth2ResourceServer call, as posted; same resolver as above
        .oauth2ResourceServer(oauth2 -> oauth2
            .authenticationManagerResolver(authenticationManagerResolver)
        );

    return http.build();
}

Expected behavior

Should be able to access /websocket

@charankavuri charankavuri added status: waiting-for-triage An issue we've not yet triaged type: bug A general bug labels Apr 26, 2024
Contributor

jzheaux commented Apr 26, 2024

Hi, @charankavuri, thanks for reaching out. Are you able to submit a minimal sample that reproduces the issue?

@jzheaux jzheaux added status: waiting-for-feedback We need additional information before we can continue and removed status: waiting-for-triage An issue we've not yet triaged type: bug A general bug labels Apr 26, 2024
@spring-projects-issues

If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.

@spring-projects-issues spring-projects-issues added the status: feedback-reminder We've sent a reminder that we need additional information before we can continue label May 3, 2024
@spring-projects-issues

Closing due to lack of requested feedback. If you would like us to look at this issue, please provide the requested information and we will re-open the issue.

@spring-projects-issues spring-projects-issues closed this as not planned Won't fix, can't repro, duplicate, stale May 10, 2024
@spring-projects-issues spring-projects-issues removed status: waiting-for-feedback We need additional information before we can continue status: feedback-reminder We've sent a reminder that we need additional information before we can continue labels May 10, 2024