1

Below is code which authorise JWT token (Keyclock) but in case of exception , server never returns 401 

@EnableWebFluxSecurity
public class SecurityConfig {

    @Bean
    public SecurityWebFilterChain securityWebFilterChain(final ServerHttpSecurity http) {
    // the matcher for all paths that need to be secured (require a logged-in user)



        http.authorizeExchange(exchanges -> exchanges.pathMatchers("/actuator/**").permitAll()
            .pathMatchers("/abcde/auth").permitAll()
            .pathMatchers("/abcde/auth/refresh").permitAll()
            .anyExchange().authenticated())
            .csrf().disable()
            .oauth2ResourceServer(oauth2ResourceServer ->
                    oauth2ResourceServer
                            .jwt(withDefaults())
            ).exceptionHandling(exception-> exception.authenticationEntryPoint((swe, e) -> Mono.fromRunnable(() -> 
                    {
                        swe.getResponse()
                           .setStatusCode(HttpStatus.UNAUTHORIZED);
                    }
                )
            )
        );
        return http.build();
}

Another question :

Will this piece of code only validate expiry of JWT token or also other validation? What exactly happens is what i am interested to know.

In nutshell is this code sufficient enough for keyclock JWT validation through issuer URL?

Toerktumlare
  • 12,548
  • 3
  • 35
  • 54
user1126046
  • 37
  • 1
  • 2
  • 9
  • if you want to know exactly i recommend looking into the source code. – Toerktumlare Jan 04 '20 at 05:55
  • @ThomasAndolf i think you have replied on my 2nd question . First question is why 401 is not retuned by http request using code mentioned though server logs 401 – user1126046 Jan 06 '20 at 09:49
  • Well you have not written what it returns nor have you posted your logs – Toerktumlare Jan 06 '20 at 11:10
  • @ThomasAndolf here is spring logs in DEBUG mode but there is no response in curl command. I do expect 401 . 2020-01-06 15:49:43.085 DEBUG 85386 --- [ctor-http-nio-4] o.s.w.s.adapter.HttpWebHandlerAdapter : [0c229084] Completed 401 UNAUTHORIZED – user1126046 Jan 06 '20 at 14:51
  • Dont post the logs here, update your question with logs, your curl command etc – Toerktumlare Jan 06 '20 at 20:36

0 Answers0