I have an end-point called authenticate , this endpoint is given to antMatchers(“/authenticate”) to skip authorization for this end-point, but it still checks for the authentication.
code:
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
// We don't need CSRF for this example
httpSecurity.csrf().disable()
// dont authenticate this particular request
.authorizeRequests().antMatchers("/authenticate").permitAll()
// all other requests need to be authenticated
.and().authorizeRequests()
.anyRequest().authenticated()
.and()
// make sure we use stateless session; session won't be used to
// store user's state.
.exceptionHandling().authenticationEntryPoint(jwtAuthenticationEntryPoint)
.and().sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
// Add a filter to validate the tokens with every request
httpSecurity.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
}
Advertisement
Answer
I have an update regarding the issue.
In my case, I had a problem with a function singWith() that was deprecated, the request of /authenticate was passing the antMatchers() filter but was not able to generate the token.
After the research, I found that there are other types of the same function, which works fine.
the old version of the token generation code.
SecretKey key = Keys.hmacShaKeyFor(Decoders.BASE64.decode("newworldorder"));
Key is of SecretKey type
Jwts.builder().setClaims(claims).setSubject(subject).setIssuedAt(date)
.setExpiration(new Date(validity)
.signWith(key).compact();
here is the new version of the token generation code.
private String key = "newworldorder";
Key is of String type
Jwts.builder().setClaims(claims).setSubject(subject).setIssuedAt(date)
.setExpiration(validity)
.signWith(SignatureAlgorithm.HS512, key).compact();