SpringBoot 401 UnAuthorized even with out security
Try to add below lines in your application.properties
file
security.basic.enable: false
security.ignored=/**
According to spring doc, use security.ignored=
Comma-separated list of paths to exclude from the default secured
paths
Getting 401 Unauthorized Even when the user is authenticated (Spring Security)
Can you debug the application? The error you mentioned in the comments javax.management.InstanceNotFoundException: org.springframework.boot:type=Admin,name=SpringApplication
is IDE-related, there is stackoverflow post about it, so this is not the issue.
Try to debug code and check:
- If you, actually, get to
JWTAuthorizationFilter
- If your user is identified as admin user here:
List<GrantedAuthority> authorities = jwtTokenProvider.getAuthorities(token);
- Check if you pass a correct and the newest token to Postman in
Authorization
header; check url (in the screenshot you have provided url is incorrect, it isuseErnames
) - What is the value of
SecurityConsts.TOKEN_PREFIX
? It should include space, i.e. 'Bearer '
UPDATE
Based on the comment below regarding my 2nd question (although I meant to check the values during runtime in debug mode, but anyway..)
String[] ADMIN_AUTHORITIES = {"ADMIN_ROLE"};
In the security config you are looking for hasAnyAuthority("ROLE_ADMIN")
, but assigned your admin with "ADMIN_ROLE"
. Wording is different: ROLE_ADMIN vs ADMIN_ROLE.
When you update one of them, be aware that Spring adds word "ROLE" to the authority name by itself in some cases. So try with and without this prefix.
Spring Boot Security - Postman gives 401 Unauthorized
@Configuration
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http.csrf().disable().authorizeRequests()
.antMatchers("/").permitAll()
.antMatchers(HttpMethod.POST,"/newuser").permitAll()
.antMatchers(HttpMethod.POST, "/login").permitAll()
.antMatchers(HttpMethod.POST,"/newuser/*").permitAll()
.antMatchers(HttpMethod.GET,"/master/*").permitAll()
.antMatchers(HttpMethod.GET,"/exploreCourse").permitAll()
.anyRequest().authenticated()
}
}
You need to configure Spring Security, by default all routes all secured for authrorization.
Please have a look JWT Token implementation at this Link.
401 Unauthorized Error in Spring Security
question resolved
i added this code to the configure() method to webSecurityConfig class
.antMatchers("/**").hasAnyRole("ADMIN","USER","MODERATOR").anyRequest().authenticated().and() .logout() .invalidateHttpSession(true) .clearAuthentication(true) .logoutRequestMatcher(new AntPathRequestMatcher("/logout")) .logoutSuccessUrl("/login?logout") .permitAll();http.addFilterBefore( authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
how can i fix "Error 401 Unauthorized" on Spring Boot
If you don't need spring security in your project then remove below 2 dependencies from your pom.xml file
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
And if you need basic security then only use 2nd dependency And default user name is "user" and password you will get from console log.
Related Topics
How to Fill Hashmap from Java Property File With Spring @Value
Arraylist - How to Check If an Index Exists
Sqlite_Error - SQL Error or Missing Database (Near "Autoincrement": Syntax Error)
How to Get Http Response Code Using Selenium Webdriver
Maven Builds Are Working, But Junit Is Throwing a Nosuchmethoderror
Is There a Simpler Way to Check Multiple Values Against One Value in an If-Statement
How to Pass Topics Dynamically to a Kafka Listener
Spring Rest Handling Empty Request Body (400 Bad Request)
How Would You Make a !!Say Command for a Discord Bot
Using Streams to Convert a List of Objects into a String Obtained from the Tostring Method
How to Create a Spring JPA Repository Findby Query Using a Property That Contains a Keyword
Null Pointer on an Autowired Bean Which Is Not Mocked by Mockito
Java.Sql.Sqlexception: Access Denied for User 'Root'@'Localhost' (Using Password: Yes)
How to Get Multiple Columns from Table Using Jpa