#Is it a bad practice to set .requestMatchers("/error").permitAll()?

3 messages · Page 1 of 1 (latest)

pulsar imp Apr 22, 2023, 11:29 AM

I've implemented my own filter for jwt authentication. It works, because with Trace logging enabled i can see that access to "/api/report" endpoint is granted, but then spring says "Securing POST "/error" And after that i get 401 Unauthorized. .requestMatchers("/error").permitAll() fixes this issue, but it isn't a very good solution is it..?

P.S. I use spring-boot-starter-security 3.0.6

gentle craneBOT Apr 22, 2023, 11:29 AM

⌛ This post has been reserved for your question.

Hey @pulsar imp! Please use /close or the Close Post button above when you're finished. Please remember to follow the help guidelines. This post will be automatically closed after 300 minutes of inactivity.

TIP: Narrow down your issue to simple and precise questions to maximize the chance that others will reply in here.