spring security permitAll doesn't work | Together Java | Page 1

uncut granite Sep 19, 2023, 5:29 PM

#

    @Bean
    MvcRequestMatcher.Builder mvc(HandlerMappingIntrospector introspector) {
        return new MvcRequestMatcher.Builder(introspector);
    }
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http, MvcRequestMatcher.Builder mvc) throws Exception {
        return http
                .csrf(AbstractHttpConfigurer::disable)
                .authorizeHttpRequests(auth -> {
                    auth.requestMatchers(mvc.pattern("/auth/**")).permitAll();
                    auth.anyRequest().authenticated();
                })
                .httpBasic(withDefaults())
                .build();
    }```

here permitAll doesnt work as intended, how do i fix it, it still gives 401 on auth/register

mental warrenBOT Sep 19, 2023, 5:29 PM

#

uncut granite ```java @Bean MvcRequestMatcher.Builder mvc(HandlerMappingIntrospector i...

Detected code, here are some useful tools:

Formatted code

@Bean
MvcRequestMatcher.Builder mvc(HandlerMappingIntrospector introspector) {
  return new MvcRequestMatcher.Builder(introspector);
}
@Bean
public SecurityFilterChain filterChain(HttpSecurity http, MvcRequestMatcher.Builder mvc) throws Exception {
  return http.csrf(AbstractHttpConfigurer::disable).authorizeHttpRequests(auth -> {
    auth.requestMatchers(mvc.pattern("/auth/**")).permitAll();
    auth.anyRequest().authenticated();
  }
  ).httpBasic(withDefaults()).build();
}

#

<@&1004656351647117403> please have a look, thanks.

mental warrenBOT Sep 19, 2023, 5:29 PM

#

mental warren <@&1004656351647117403> please have a look, thanks.

#

While you are waiting for getting help, here are some tips to improve your experience:

Code is much easier to read if posted with syntax highlighting and proper formatting.

If nobody is calling back, that usually means that your question was not well asked and hence nobody feels confident enough answering. Try to use your time to elaborate, provide details, context, more code, examples and maybe some screenshots. With enough info, someone knows the answer for sure.

Don't forget to close your thread using the command </help-thread close:1027500463647621170> when your question has been answered, thanks.

#

Here is an AI assisted attempt to answer your question 🤖. Maybe it helps! In any case, a human is on the way 👍. To continue talking to the AI, you can use </chatgpt:1108714622413963314>.

#

The permitAll() method in Spring Security allows all requests to be permitted without any authentication. To use it, you need to configure it in your security configuration class.

Here's an example of how you can use permitAll() in your code:

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .mvcMatchers("/public/**").permitAll()
            .anyRequest().authenticated()
            .and()
            .formLogin();
    }
}

In this example, the /public/** endpoint is configured to be accessible without any authentication using the permitAll() method. All other endpoints require authentication.

Make sure that you have properly imported the necessary classes and dependencies for MvcRequestMatcher.Builder and HandlerMappingIntrospector.

royal cloud Sep 19, 2023, 5:32 PM

#

@uncut granite are you passing the correct endpoint? missing / can cause problems

uncut granite Sep 19, 2023, 5:32 PM

#

i tried both

#

http://localhost:8000/auth/register

#

and

#

http://localhost:8000/auth/register/

#

endpoint configured here:

    @PostMapping("/register")
    public ApplicationUser registerUser(@RequestBody RegistrationDTO body) {
        return auth.registerUser(body.getUsername(), body.getPassword());
    }```

mental warrenBOT Sep 19, 2023, 5:33 PM

#

uncut granite endpoint configured here: ```java @PostMapping("/register") public Appli...

Detected code, here are some useful tools:

Formatted code

@PostMapping("/register") public ApplicationUser registerUser(@RequestBody
RegistrationDTO body) {
  return auth.registerUser(body.getUsername(), body.getPassword());
}

royal cloud Sep 19, 2023, 5:42 PM

#

it's hard to tell but more likely that csrf is causing issues here, have you tried this for a get endpoint?

#

it was painful for me to set it up correctly back then zuccwater

uncut granite Sep 19, 2023, 5:43 PM

#

2023-09-19T20:41:54.936+03:00 DEBUG 26416 --- [nio-8000-exec-1] o.s.security.web.FilterChainProxy : Securing GET /auth/register/
2023-09-19T20:41:54.946+03:00 DEBUG 26416 --- [nio-8000-exec-1] o.s.security.web.FilterChainProxy : Secured GET /auth/register/
2023-09-19T20:41:54.957+03:00 DEBUG 26416 --- [nio-8000-exec-1] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2023-09-19T20:41:54.959+03:00 DEBUG 26416 --- [nio-8000-exec-1] o.s.security.web.FilterChainProxy : Securing GET /error
2023-09-19T20:41:54.962+03:00 DEBUG 26416 --- [nio-8000-exec-1] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2023-09-19T20:41:54.964+03:00 DEBUG 26416 --- [nio-8000-exec-1] o.s.s.w.s.HttpSessionRequestCache : Saved request http://localhost:8000/error?continue to session
2023-09-19T20:41:54.965+03:00 DEBUG 26416 --- [nio-8000-exec-1] s.w.a.DelegatingAuthenticationEntryPoint : Trying to match using RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]
2023-09-19T20:41:54.965+03:00 DEBUG 26416 --- [nio-8000-exec-1] s.w.a.DelegatingAuthenticationEntryPoint : No match found. Using default entry point org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint@4eb55df6

#

my debug logs btw

#

from spring security

royal cloud Sep 19, 2023, 5:49 PM

#

Do you have a git repo or something? i can't promise anything but can take a look.

uncut granite Sep 19, 2023, 5:53 PM

#

royal cloud Do you have a git repo or something? i can't promise anything but can take a loo...

https://github.com/unknownkoder/spring-security-login-system/blob/main/AuthenticatedBackend/src/main/java/com/unkownkoder/configuration/SecurityConfiguration.java

its not mine but, my codes are more or less same

GitHub

spring-security-login-system/AuthenticatedBackend/src/main/java/com...

Public repository for my Spring Security tutorial to create a authenticated backend with Spring Data JPA database access, JWT generation, and login/register capabilities through HTTP Post requests....

royal cloud Sep 19, 2023, 5:54 PM

#

More or less won't be of much help, i would need to run exact configs you have in order figure out what might be causing the issue.

uncut granite Sep 19, 2023, 5:57 PM

#

royal cloud More or less won't be of much help, i would need to run exact configs you have i...

hmm i need to update to git then 😄

#

okay

#

https://github.com/mertkug/LoginExample

GitHub

GitHub - mertkug/LoginExample

Contribute to mertkug/LoginExample development by creating an account on GitHub.

uncut granite Sep 19, 2023, 6:34 PM

#

without mvc pattern it fails saying this:

#

This is because there is more than one mappable servlet in your servlet context: {org.h2.server.web.JakartaWebServlet=[/h2-console/*], org.springframework.web.servlet.DispatcherServlet=[/]}.

#

but i dont even have servlet in my app lol

royal cloud Sep 19, 2023, 6:51 PM

#

ye happened with me as well, it's kinda difficult to find what's wrong been a while since i touched spring security.

tame cedar Sep 19, 2023, 7:42 PM

#

uncut granite but i dont even have servlet in my app lol

Hey there

#

You still have issue?

uncut granite Sep 19, 2023, 8:29 PM

#

royal cloud ye happened with me as well, it's kinda difficult to find what's wrong been a wh...

changing h2 in-memory to postgre solved problem 😄

#

database

#spring security permitAll doesn't work