spring-boot


Spring Boot Security PreAuthorize 1.4.3 not working [Any authorization check fails]


Based on the documentation, it appears very simple, with Just a #PreAuthorize attribute is enough to authorize at controller or method level, but it is not working. I have tried several combinations was not able to figure out what the issue is.
Here is my Controller-Method code
#RequestMapping(value = "/status/{orderNumber}", method = RequestMethod.GET)
#PreAuthorize("hasRole('ROLE_ADMIN')")
public ResponseEntity GetStatus(#PathVariable(value ="orderNumber") String orderNumber){
WebSecurityConfiguration
protected void configure(HttpSecurity httpSecurity) throws Exception{
httpSecurity
.csrf().disable()
.exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.authorizeRequests()
.antMatchers("/auth/**").permitAll()
.anyRequest().authenticated();
httpSecurity
.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);
httpSecurity.headers().cacheControl();
}
Error
[nio-8080-exec-2] c.i.v.s.CustomAuthenticationTokenFilter : checking authentication for user verifier
GlobalExceptionHandler:20 - Exception :: URL=http://localhost:8080/myrequest/v1/status/5002 org.springframework.security.access.AccessDeniedException: Access is denied
I have tried hasAuthority and hasRole both return
{
"timestamp": 1487289099627,
"status": 403,
"error": "Forbidden",
"exception": "org.springframework.security.access.AccessDeniedException",
"message": "Access is denied",
"path": "/myrequest/v1/status/5002"
}
Source code available in Git, to see the error. Readme should help you to start.
https://github.com/vivdso/SpringAuthentication

Related Links

How to configure ssl between spring boot application and cassandra using CassandraAutoConfiguration?
Being logged out when using Hazelcast distrubuted sessions in Jhipster
Force Spring Boot to use servlet mapping in web.xml
SpringBoot Test ContextConfiguration has no banner
NPE in jax-rs service for jpa query in Spring Boot + Wildfly 10
IllegalStateException in Spring Boot Application Startup
endpoints.health.sensitive=true but health endpoint still shows details
Spring Data Cassandra with QueryDSL
About spring-boot-starter-hornetq
Spring Boot use separate user for flywaydb and JPA
POST duplicate entry not causing PK collision in Spring Data REST
Cannot Query Neo4j Repositories
Spring boot archetypes not available after 1.0.2.RELEASE
Spring Boot Oauth2 with slack
Spring Cloud Config Server using SVN
#Autowire combined with #InjectMocks

Categories

HOME
classification
ckan
redux
service
grpc
casting
postsharp
conceptual
query-string
coordinates
opc-ua
liquidsoap
kendo-asp.net-mvc
scapy
sahi
rtc
ios-universal-links
apache-httpclient-4.x
desktop-application
watson-dialog
element
webseal
novacode-docx
react-jsx
serenity-js
multipart
mattermost
onclicklistener
email-client
prepros
windows-mobile
units-of-measurement
pypy
schedule
boost-log
multilanguage
blockly
dropdownbox
ragel
android-databinding
gstreamer-1.0
stochastic-process
motion
lex
origami
jquery-inputmask
keychain
php-mongodb
amazon-fire-tv
spring-ide
jenkins-2
infovis
riemann
dotnet-cli
fluent-nhibernate-mapping
activesupport
ajv
seyren
vertex-shader
sqlproj
jira-agile
recurring
sprockets
angularfire
mod
clique
oryx
askbot
gnu-sort
magnet-uri
jcomponent
photogrammetry
nfa
conkeror
pysvn
launcher
isl
visual-studio-setup-proje
smartxls
traceur
cvi
html5-filesystem
scidb
stringstream
dynamic-expresso
mosix
orchestration
winrt-async
mvcmailer
jqueryi-ui-buttonset
inserthtml
joomla1.7
ruby-1.9
copyfile
code-organization
zipstream
norton
llblgen
rpxnow
managed-code
httpbrowsercapabilities

Resources

Encrypt Message