I have an endpoint called authenticate. This endpoint is given to antMatchers("/authenticate") to skip authorization for this endpoint, but it still checks for authentication.
code:
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        // We don't need CSRF for this example
        httpSecurity.csrf().disable()
                // don't authenticate this particular request
                .authorizeRequests().antMatchers("/authenticate").permitAll()
                // all other requests need to be authenticated
                .and().authorizeRequests()
                .anyRequest().authenticated()
                .and()
                // unauthenticated requests are handled by jwtAuthenticationEntryPoint
                .exceptionHandling().authenticationEntryPoint(jwtAuthenticationEntryPoint)
                // make sure we use stateless session; session won't be used to
                // store user's state.
                .and().sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        // Add a filter to validate the tokens with every request
        httpSecurity.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
    }
Answer
I have an update regarding the issue.
In my case, I had a problem with a function signWith() that was deprecated; the request to /authenticate was passing the antMatchers() filter but was not able to generate the token.
After the research, I found that there are other types of the same function, which work fine.
The old version of the token generation code:

    SecretKey key = Keys.hmacShaKeyFor(Decoders.BASE64.decode("newworldorder"));

Key is of SecretKey type.

    Jwts.builder().setClaims(claims).setSubject(subject).setIssuedAt(date)
            .setExpiration(new Date(validity))
            .signWith(key).compact();
Here is the new version of the token generation code:

    private String key = "newworldorder";

Key is of String type.

    Jwts.builder().setClaims(claims).setSubject(subject).setIssuedAt(date)
            .setExpiration(validity)
            .signWith(SignatureAlgorithm.HS512, key).compact();
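
Added example, not part of the original answer or of any project's code: a 13-character secret such as the one above is well under the key size HS512 calls for (RFC 7518 requires an HMAC key at least as long as the hash output), so this example generates a 512-bit key, reloads it from Base64 and signs with the `signWith(Key, SignatureAlgorithm)` overload, which checks the key length. It assumes jjwt 0.11.x on the classpath; the class name `Hs512KeyExample`, the subject `demo-user` and the 15-minute lifetime are constructed for illustration.

```java
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.io.Decoders;
import io.jsonwebtoken.io.Encoders;
import io.jsonwebtoken.security.Keys;
import io.jsonwebtoken.security.WeakKeyException;

import javax.crypto.SecretKey;
import java.nio.charset.StandardCharsets;
import java.util.Date;

// Hypothetical class name; assumes jjwt 0.11.x (jjwt-api, jjwt-impl, jjwt-jackson).
public class Hs512KeyExample {

    public static void main(String[] args) {
        // 1. The 13-byte string from the post is far below the HMAC-SHA minimum
        //    of 256 bits, so Keys.hmacShaKeyFor refuses to build a key from it.
        try {
            Keys.hmacShaKeyFor("newworldorder".getBytes(StandardCharsets.UTF_8));
        } catch (WeakKeyException e) {
            System.out.println("Rejected weak key: " + e.getMessage());
        }

        // 2. Generate a random key of the size HS512 requires (512 bits).
        //    Do this once and keep the Base64 text in a secret store or an
        //    environment variable, not in source code.
        SecretKey generated = Keys.secretKeyFor(SignatureAlgorithm.HS512);
        String storedSecret = Encoders.BASE64.encode(generated.getEncoded());

        // 3. At startup, rebuild the key from the stored Base64 text.
        SecretKey key = Keys.hmacShaKeyFor(Decoders.BASE64.decode(storedSecret));

        // 4. Sign with the Key overload, which validates key length for HS512.
        Date now = new Date();
        String token = Jwts.builder()
                .setSubject("demo-user") // constructed sample subject
                .setIssuedAt(now)
                .setExpiration(new Date(now.getTime() + 15 * 60 * 1000L))
                .signWith(key, SignatureAlgorithm.HS512)
                .compact();

        // 5. Verify with the same key; a tampered token or a wrong key throws.
        String subject = Jwts.parserBuilder().setSigningKey(key).build()
                .parseClaimsJws(token).getBody().getSubject();
        System.out.println("Verified subject: " + subject);
    }
}
```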