You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When adding the websocket or any requestMatcher as an exception (white listing) in the SecurityFilterChain, the /websocket or the Options call are returns a 401. This issue has occurred after migrating to Spring Boot 3 and changing antMatchers to requestMatchers.
@Bean
SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
for (String issuerUri : issuerUris) {
addManager(authenticationManagers, issuerUri);
}
var authenticationManagerResolver = new JwtIssuerAuthenticationManagerResolver(authenticationManagers::get);
http
.csrf(AbstractHttpConfigurer::disable) // deepcode ignore DisablesCSRFProtection: This is a stateless service so CSRF is not possible, and we don't want to introduce a CSRF token just to have one.
.sessionManagement(sessionManagement -> sessionManagement.sessionCreationPolicy(STATELESS))
.headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::deny))
.oauth2ResourceServer(oauth2 -> oauth2
.authenticationManagerResolver(authenticationManagerResolver)
)
.authorizeHttpRequests(authorize -> authorize
.requestMatchers( "/websocket/**").permitAll()
.requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
.anyRequest().authenticated()
)
.oauth2ResourceServer(oauth2 -> oauth2
.authenticationManagerResolver(authenticationManagerResolver)
);
return http.build();
}
Expected behavior
Should be able to access /websocket
The text was updated successfully, but these errors were encountered:
If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.
Closing due to lack of requested feedback. If you would like us to look at this issue, please provide the requested information and we will re-open the issue.
Describe the bug
When adding the websocket or any requestMatcher as an exception (white listing) in the SecurityFilterChain, the /websocket or the Options call are returns a 401. This issue has occurred after migrating to Spring Boot 3 and changing antMatchers to requestMatchers.
Expected behavior
Should be able to access /websocket
The text was updated successfully, but these errors were encountered: