Springboot webflux throwing 401 when Authorization header sent to unrestricted endpoint

Asked Apr 20 '22 at 17:46

Active Feb 02 '23 at 15:13

Viewed 380 times

How to exclude JwtTimestampValidator from the spring security filter. JwtTimestampValidator is getting executed when we pass a JWT token to an open or unrestricted endpoint.

http.authorizeExchange()
.pathMatchers("/open/**").permitAll()
.anyExchange().authenticated()
.and().oauth2ResourceServer().jwt();

asked Apr 20 '22 at 17:46

Prerana Jayakumar

Does this answer your question? [Spring Boot 2: Basic Http Auth causes unprotected endpoints to respond with 401 "Unauthorized" if Authorization header is attached](https://stackoverflow.com/questions/51496100/spring-boot-2-basic-http-auth-causes-unprotected-endpoints-to-respond-with-401) – Eleftheria Stein-Kousathana Apr 21 '22 at 09:35
The above solution doesn't work with spring webflux. According to what I understand we use WebSecurityConfigurerAdapter for spring-web security configuration. – Prerana Jayakumar Apr 21 '22 at 12:54

Springboot webflux throwing 401 when Authorization header sent to unrestricted endpoint

0 Answers0

Linked