Java Community | Help. Code. Learn.JC|HCL
Java Community | Help. Code. Learn.โ€ข14mo agoโ€ข
21 replies
Groldi

Spring Boot Security Hell

Currently I am building some web app. The problem is that I have a login method dedicated for anyone to use:
@PostMapping("/login")
public @NotNull ResponseEntity<@Nullable String> requestNormalLogin(@NotNull @RequestBody UserLoginModel model)
{
    throw new ResponseStatusException(HttpStatus.FAILED_DEPENDENCY);
    /*log.info("The server has recognized an incoming normal login request login name {}.", model.loginName());
    return getService().requestLogin(model).map((token) ->
    {
        String jwt = token.jwt();
        return ResponseEntity.ok(jwt);
    }).orElseThrow(this::unauthorizedThrowable);*/
}


As it can be seen I've directly told it to throw FAILED_DEPENDENCY (just as a test), because my security config:
csrf.addFilterBefore(jwtFilter, clazz).authorizeHttpRequests(auth ->
{
    auth.requestMatchers(HttpMethod.POST, "/api/v1/user/login").anonymous();
    auth.requestMatchers(HttpMethod.GET,"/api/v1/user/logout").permitAll();
    auth.anyRequest().authenticated();
});

always makes it return 403 when an exception occurred. No matter what exception is thrown, it answers with a 403 when using the endpoint "/api/v1/user/login". When no error is thrown it works, so I don't know what is going on...
Was this page helpful?
CommunitiesDocsAboutTermsPrivacy