Hi,
I’m using Auth0 in a Spring Boot application. It looks like the Auth0 provider is not found by Spring Security. I find the following line in DEBUG log level.
No AuthenticationProvider found for com.auth0.spring.security.api.authentication.PreAuthenticatedAuthenticationJsonWebToken
2018-10-29 22:20:02.715 DEBUG 25693 --- [nio-8080-exec-2] o.s.s.authentication.ProviderManager : Authentication attempt using com.auth0.spring.security.api.JwtAuthenticationProvider
2018-10-29 22:20:02.719 DEBUG 25693 --- [nio-8080-exec-2] o.s.b.a.audit.listener.AuditListener : AuditEvent [timestamp=2018-10-29T21:20:02.719Z, principal=facebook|XXXXXXXXXXXXXX, type=AUTHENTICATION_FAILURE, data={details=com.auth0.jwt.JWTDecoder@165aaa81, type=org.springframework.security.authentication.ProviderNotFoundException, **message=No AuthenticationProvider found for com.auth0.spring.security.api.authentication.PreAuthenticatedAuthenticationJsonWebToken**}]
2018-10-29 22:20:02.721 DEBUG 25693 --- [nio-8080-exec-2] o.s.s.w.a.ExceptionTranslationFilter : Authentication exception occurred; redirecting to authentication entry point
Authentication is of course failing, saysing “Not a valid token” … which is missleading.
org.springframework.security.authentication.BadCredentialsException: Not a valid token
at com.auth0.spring.security.api.JwtAuthenticationProvider.authenticate(JwtAuthenticationProvider.java:61) ~[auth0-spring-security-api-1.1.0.jar:na]
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174) ~[spring-security-core-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.authenticateIfRequired(AbstractSecurityInterceptor.java:354) ~[spring-security-core-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:229) ~[spring-security-core-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124) ~[spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91) ~[spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119) ~[spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137) [spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
I have a simple config
JwtWebSecurityConfigurer
.forRS256(apiAudience, issuer)
.configure(http)
.anonymous().disable()
.authorizeRequests().antMatchers("/api/private/bookings").authenticated()
I’m using Spring Boot 2.0.3.RELEASE.
Looks like the problem has been reported already. The ticket was closed without any solution!!
Could you pleae help? I’m struggling with this since weeks.
Thanks,
O.