Springboot 401 Unauthorized Even With Out Security

SpringBoot 401 UnAuthorized even with out security

Try to add below lines in your application.properties file

security.basic.enable: false
security.ignored=/**

According to spring doc, use security.ignored=

Comma-separated list of paths to exclude from the default secured
paths

Getting 401 Unauthorized Even when the user is authenticated (Spring Security)

Can you debug the application? The error you mentioned in the comments javax.management.InstanceNotFoundException: org.springframework.boot:type=Admin,name=SpringApplication is IDE-related, there is stackoverflow post about it, so this is not the issue.

Try to debug code and check:

1. If you, actually, get to JWTAuthorizationFilter
2. If your user is identified as admin user here: List<GrantedAuthority> authorities = jwtTokenProvider.getAuthorities(token);
3. Check if you pass a correct and the newest token to Postman in Authorization header; check url (in the screenshot you have provided url is incorrect, it is useErnames)
4. What is the value of SecurityConsts.TOKEN_PREFIX? It should include space, i.e. 'Bearer '

UPDATE
Based on the comment below regarding my 2nd question (although I meant to check the values during runtime in debug mode, but anyway..)

String[] ADMIN_AUTHORITIES = {"ADMIN_ROLE"};

In the security config you are looking for hasAnyAuthority("ROLE_ADMIN"), but assigned your admin with "ADMIN_ROLE". Wording is different: ROLE_ADMIN vs ADMIN_ROLE.
When you update one of them, be aware that Spring adds word "ROLE" to the authority name by itself in some cases. So try with and without this prefix.

Spring Boot Security - Postman gives 401 Unauthorized

@Configuration
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
       http.csrf().disable().authorizeRequests()
        .antMatchers("/").permitAll()
        .antMatchers(HttpMethod.POST,"/newuser").permitAll()
        .antMatchers(HttpMethod.POST, "/login").permitAll()
        .antMatchers(HttpMethod.POST,"/newuser/*").permitAll()
        .antMatchers(HttpMethod.GET,"/master/*").permitAll()
         .antMatchers(HttpMethod.GET,"/exploreCourse").permitAll()
        .anyRequest().authenticated()
    }
}

You need to configure Spring Security, by default all routes all secured for authrorization.

Please have a look JWT Token implementation at this Link.

401 Unauthorized Error in Spring Security

question resolved
i added this code to the configure() method to webSecurityConfig class

.antMatchers("/**").hasAnyRole("ADMIN","USER","MODERATOR").anyRequest().authenticated().and()      .logout()   .invalidateHttpSession(true)   .clearAuthentication(true)   .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))   .logoutSuccessUrl("/login?logout")   .permitAll();http.addFilterBefore( authenticationJwtTokenFilter(),  UsernamePasswordAuthenticationFilter.class);

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
</dependency>

<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>