Hey! I followed your blog to implement JWT with spring security but i am running into problem when using @Secured("IS_AUTHENTICATED_ANONYMOUSLY") at controller action. It is not working there. what i want is to protect everything except some actions but when doing this getting 401 error. I am not passing any "Authorization" header. here is my config:
Hey! I followed your blog to implement JWT with spring security but i am running into problem when using @Secured("IS_AUTHENTICATED_ANONYMOUSLY") at controller action. It is not working there. what i want is to protect everything except some actions but when doing this getting 401 error. I am not passing any "Authorization" header. here is my config:
@Override protected void configure(HttpSecurity http) throws Exception { http.cors().and().csrf().disable() .exceptionHandling() .authenticationEntryPoint(unauthorizedHandler) .and() .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) .and() .authorizeRequests() .antMatchers("/", "/favicon.ico", "//*.png", "/*/.gif", "//*.svg", "//*.jpg", "/*/.html", "//*.css", "//*.js") .permitAll() .antMatchers("/v2/api-docs", "/configuration/*", "/swagger/", "/webjars/") .permitAll() .antMatchers("/", "/assets/", "/swagger-ui.html") .permitAll() .antMatchers("/api/auth/**") .permitAll() .anyRequest() .authenticated();
and below is jwtAuthentication filter
please help.