Auth0 Spring Security API ProviderNotFoundException when using @PreAuthorize

auth06 · July 18, 2017, 1:49am

I am having problem using the @PreAuthorize annotation for my endpoints after following the Auth0 Spring Security for API quickstart guide. The response i get is:

 "status": 401,
 "error": "Unauthorized",
 "exception":"org.springframework.security.authentication.ProviderNotFoundException"

I have tried to manually set the authentication provider using the following code for my WebSecurityConfig:

@Override
    protected void configure(HttpSecurity http) throws Exception {
        logger.info("Configuring for Jwt token with iss {} & aud {}", issuer, audience);
        JwtWebSecurityConfigurer.forRS256(audience, issuer)
                .configure(http)
                .authorizeRequests()
                .antMatchers(HttpMethod.GET, "/secure/**").hasAuthority("read:secure");
    }
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        JwkProvider jwkProvider = new JwkProviderBuilder(issuer).build();
        JwtAuthenticationProvider authenticationProvider =new JwtAuthenticationProvider(jwkProvider, issuer, audience);
        auth.authenticationProvider(authenticationProvider);
    }

And the endpoint looks like this:

    @PreAuthorize("permitAll()")
    @RequestMapping(value = "/test2")
    @ResponseBody
    public String test2(){
        return"secure";
    }

Any advice?

brianra · December 28, 2017, 1:51am

We are seeing similar responses, seemingly out of the blue. This is happening for us only on Native client requests. SPA client requests seem fine. This is happening on a Prod app that has been in prod for months without this issue.

@auth06 - did you ever find an answer to this?