-3

Here is the security configuration I am using:

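import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class SpringSecurityConfiguration {

    @Bean
    public SecurityFilterChain getFilter(HttpSecurity http) throws Exception {
        // CSRF protection is switched off for the whole application
        http.csrf().disable();
        // Every request, whatever its path or HTTP method, requires authentication
        http.authorizeHttpRequests(
                auth -> auth.anyRequest().authenticated()
        );
        // Credentials are supplied via HTTP Basic
        http.httpBasic(Customizer.withDefaults());

        return http.build();
    }
}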

I have two endpoints:

  1. loginUser as a GET method -> whose authentication is working
  2. registerUser as a POST method -> whose authentication is always failing.

Version used:

<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>3.0.6</version>
    <relativePath/> <!-- lookup parent from repository -->
</parent>

Any suggestions why the registerUser endpoint alone is failing?

Actually, I don't want any authentication for the registry endpoint, so I tried disabling authentication for that path using "requestMatchers". Even after disabling it, I am getting a 401 Unauthorized error. So while debugging, I removed the requestMatchers settings and tried authenticating, as it should authenticate, but it is failing. Also, I tried disabling CSRF, but it is not working.

1 Answer

-1

With (1) you are saying that all requests need to be authenticated, including the endpoint to register your user. Before doing this, you have to specify the URL that needs no authentication (2).

(1)

http.authorizeHttpRequests(
        auth -> auth.anyRequest().authenticated()
);

(2)

http.authorizeHttpRequests(
        auth -> auth.requestMatchers("YOUR_PATH_WITHOUT_AUTHENTICATION").permitAll()
                    .anyRequest().authenticated()
);
Ton cs
Don't forget to disable the CSRF if you are not using it: http.csrf(AbstractHttpConfigurer::disable) – Ton cs Sep 01 '23 at 08:08
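
Added example, not code from the question or the answer: the rule from (2) written out as a complete configuration class for Spring Boot 3.0.x, with the public rule limited to the POST method on one path. The path "/registerUser" and the bean method name are assumptions, since the post gives only the endpoint names.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class SpringSecurityConfiguration {

    // Assumed path for the registerUser endpoint; replace with the real mapping.
    private static final String REGISTER_PATH = "/registerUser";

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // CSRF disabled, as in the question and the comment on the answer.
            // This fits clients that send HTTP Basic credentials explicitly on
            // each request rather than relying on a browser session cookie.
            .csrf(AbstractHttpConfigurer::disable)
            .authorizeHttpRequests(auth -> auth
                // Rules are evaluated in declaration order and the first match
                // wins, so the public rule must come before anyRequest().
                // Restricting it to POST keeps every other method on the same
                // path behind authentication.
                .requestMatchers(HttpMethod.POST, REGISTER_PATH).permitAll()
                // Everything else, including loginUser, needs credentials.
                .anyRequest().authenticated())
            .httpBasic(Customizer.withDefaults());

        return http.build();
    }
}
```

With this in place, a POST to the registration path without credentials should no longer be answered with 401, while any other request without credentials still is.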