I am having problem using the @PreAuthorize
annotation for my endpoints after following the Auth0 Spring Security for API quickstart guide. The response i get is:
"status": 401,
"error": "Unauthorized",
"exception":"org.springframework.security.authentication.ProviderNotFoundException"
I have tried to manually set the authentication provider using the following code for my WebSecurityConfig:
@Override
protected void configure(HttpSecurity http) throws Exception {
logger.info("Configuring for Jwt token with iss {} & aud {}", issuer, audience);
JwtWebSecurityConfigurer.forRS256(audience, issuer)
.configure(http)
.authorizeRequests()
.antMatchers(HttpMethod.GET, "/secure/**").hasAuthority("read:secure");
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
JwkProvider jwkProvider = new JwkProviderBuilder(issuer).build();
JwtAuthenticationProvider authenticationProvider =new JwtAuthenticationProvider(jwkProvider, issuer, audience);
auth.authenticationProvider(authenticationProvider);
}
And the endpoint looks like this:
@PreAuthorize("permitAll()")
@RequestMapping(value = "/test2")
@ResponseBody
public String test2(){
return"secure";
}
Any advice?