Describe the bug
I migrated to Spring Boot 3 and Spring Security 6, and when I started testing the APIs that are permitted for anyone, it always said access denied.
I used the following code to configure the authorization filter:
    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http.csrf().disable();
        http.cors();
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        http.authorizeHttpRequests(authorize -> {
            authorize.shouldFilterAllDispatcherTypes(false);
            authorize.requestMatchers(WhiteListAPIs.apis).permitAll();
            authorize.anyRequest().authenticated();
        });
        http.oauth2ResourceServer(oauth2 -> oauth2
            .opaqueToken(token -> token.introspectionUri(this.introspectionUri)
                .introspectionClientCredentials(this.clientId, this.clientSecret)));
        return http.build();
    }
After debugging and going deep, I found that the AuthorizationFilter mappings have only one element, and after matching it returns access denied, as you can see in the following image:
Comment From: marcusdacoregio
Hi @mahdiraddadi, have you added @Configuration to your security configuration class as mentioned here?
Comment From: mahdiraddadi
Hi @marcusdacoregio, thank you for your response. I confirm that @Configuration is missing, but for your information, it's working fine without it in the older version of Spring.
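The fix discussed in this thread, as an added example that is not code from the issue or from the Spring Security project: the same filter chain declared in a class that carries `@Configuration` explicitly. The class name `SecurityConfig` and the `PUBLIC_PATHS` values are assumptions standing in for the reporter's class and `WhiteListAPIs.apis`; the property keys are Spring Boot's standard opaque-token resource server properties.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;

// In Spring Security 6, @EnableWebSecurity no longer includes @Configuration,
// so it has to be declared explicitly for the @Bean method to be registered.
@Configuration
@EnableWebSecurity
public class SecurityConfig { // hypothetical class name

    // Constructed stand-in for WhiteListAPIs.apis from the issue.
    private static final String[] PUBLIC_PATHS = {"/public/**", "/actuator/health"};

    @Value("${spring.security.oauth2.resourceserver.opaquetoken.introspection-uri}")
    private String introspectionUri;

    @Value("${spring.security.oauth2.resourceserver.opaquetoken.client-id}")
    private String clientId;

    @Value("${spring.security.oauth2.resourceserver.opaquetoken.client-secret}")
    private String clientSecret;

    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http.csrf(csrf -> csrf.disable());
        http.cors(Customizer.withDefaults());
        http.sessionManagement(session ->
                session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
        http.authorizeHttpRequests(authorize -> {
            // Same rules as in the issue: whitelist first, everything else needs a token.
            authorize.shouldFilterAllDispatcherTypes(false);
            authorize.requestMatchers(PUBLIC_PATHS).permitAll();
            authorize.anyRequest().authenticated();
        });
        http.oauth2ResourceServer(oauth2 -> oauth2
                .opaqueToken(token -> token
                        .introspectionUri(this.introspectionUri)
                        .introspectionClientCredentials(this.clientId, this.clientSecret)));
        return http.build();
    }
}
```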