Using the code from the Quickstart guide and running into issues.
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
//.mvcMatchers(HttpMethod.GET, "/api/menu/items/**").permitAll() // GET requests don't need auth
.mvcMatchers("/webhook/**")
.permitAll() // Allow webhook calls
.and()
.authorizeRequests()
.anyRequest()
.authenticated()
.and()
.oauth2ResourceServer()
.jwt()
.decoder(jwtDecoder());
}
My understanding is this should allow calls to /webhook to pass freely, but it’s not working as expected. My webhook calls are getting authenticated and throwing 401 errors. What’s wrong?
I am sorry about the late reply to your inquiry regarding the matter.
I would highly recommend to review the following post from StackOverflow since it covers some points to why .permitAll() might not function properly for the specified endpoint:
Please also keep in mind that authorizeRequests() has been deprecated and replace by authorizeHttpRequests(). You can also check if you are passing the necessary scopes and audience in your requests.
If you have any other questions, feel free to reply or post again on the community!
Kind Regards,
Nik
Otherwise, you can review our blog post regarding Spring Boot Authorization since you might have overlooked a step.