Thanks for reporting an issue for Micronaut, please review the task list below before submitting the
issue. Your issue report will be closed if the issue is incomplete and the below tasks not completed.
NOTE: If you are unsure about something and the issue is more of a question a better place to ask questions is on Stack Overflow (http://stackoverflow.com/tags/micronaut) or Gitter (https://gitter.im/micronautfw/). DO NOT use the issue tracker to ask questions.
Task List
Steps to Reproduce
Expected Behaviour
When POST to /login is sent, the endpoint should resolve normally.
Actual Behaviour
The HTTP error 401 - Unauthorized is sent back to the HTTP client.
Example Application
https://gitlab.com/mdraper/micronaut-api-experiment
Logs:
```
11:49:41.316 [nioEventLoopGroup-1-13] DEBUG i.m.h.server.netty.NettyHttpServer - Server localhost:8080 Received Request: POST /login
11:49:41.316 [nioEventLoopGroup-1-13] DEBUG i.m.h.s.netty.RoutingInBoundHandler - Matching route POST - /login
11:49:41.316 [nioEventLoopGroup-1-13] DEBUG i.m.h.s.netty.RoutingInBoundHandler - Matched route POST - /login to controller class io.micronaut.security.endpoints.LoginController
11:49:41.317 [nioEventLoopGroup-1-13] DEBUG i.m.context.DefaultBeanContext - Resolved existing bean [io.micronaut.http.server.netty.jackson.JsonHttpContentSubscriberFactory@18110b0] for type [interface io.micronaut.http.server.netty.HttpContentSubscriberFactory] and qualifier [Content-Type: application/json;charset=utf-8]
11:49:41.317 [nioEventLoopGroup-1-13] DEBUG i.m.s.t.reader.HttpHeaderTokenReader - Looking for bearer token in Authorization header
11:49:41.317 [nioEventLoopGroup-1-13] DEBUG i.m.s.t.reader.HttpHeaderTokenReader - Looking for bearer token in Authorization header
11:49:41.317 [nioEventLoopGroup-1-13] DEBUG i.m.s.t.TokenAuthenticationFetcher - Unauthenticated request POST, /login, no token found.
11:49:41.317 [nioEventLoopGroup-1-13] DEBUG i.m.security.filters.SecurityFilter - Failure to authenticate request. POST /login.
11:49:41.317 [nioEventLoopGroup-1-13] DEBUG i.m.security.filters.SecurityFilter - Authorized request POST /login. The rule provider io.micronaut.security.rules.SecuredAnnotationRule authorized the request.
```
Ultimately this looks like there's something up with Configuration, possibly with json configuration.
For some reason the /login endpoint is not being mapped as Anonymous (it would have to be since that's how the token is obtained). The authorization filter shouldn't be running on the /login endpoint. I also attempted changing the configuration like so:
```json
"security": {
  "enabled": true,
  "endpoints": {
    "login": {
      "enabled": true,
      "path": "/login"
    },
    "oauth": {
      "enabled": true
    }
  },
  "interceptUrlMap": {
    "pattern": "/login",
    "httpMethod": "POST",
    "access": "isAnonymous()"
  },
  "token": {
    "jwt": {
      "enabled": true,
      "signatures": {
        "secret": {
          "generator": {
            "secret": "fqu8pLTC5aTC2rZ2yySAzVQajQVXLj3V"
          }
        }
      }
    }
  }
},
```
But that didn't work either (still 401 - Unauthorized).
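A triage sketch for the DEBUG log in this report, added here as an example (not part of the original issue and not Micronaut code): it pulls out, per request, whether a bearer token was found and which rule provider the SecurityFilter says authorized the request. It matches only the message formats that appear in the log above; the function names and the assumption that an authorized request is handed on to the matched controller are this example's own.

```python
import re

# Four of the log lines from the report above, copied verbatim.
SAMPLE_LOG = """\
11:49:41.316 [nioEventLoopGroup-1-13] DEBUG i.m.h.server.netty.NettyHttpServer - Server localhost:8080 Received Request: POST /login
11:49:41.317 [nioEventLoopGroup-1-13] DEBUG i.m.s.t.TokenAuthenticationFetcher - Unauthenticated request POST, /login, no token found.
11:49:41.317 [nioEventLoopGroup-1-13] DEBUG i.m.security.filters.SecurityFilter - Failure to authenticate request. POST /login.
11:49:41.317 [nioEventLoopGroup-1-13] DEBUG i.m.security.filters.SecurityFilter - Authorized request POST /login. The rule provider io.micronaut.security.rules.SecuredAnnotationRule authorized the request.
"""

LINE = re.compile(r"^(?P<ts>\S+) \[(?P<thread>[^\]]+)\] (?P<level>\w+)\s+(?P<logger>\S+) - (?P<msg>.*)$")
RECEIVED = re.compile(r"Received Request: (?P<method>\w+) (?P<path>\S+)$")
NO_TOKEN = re.compile(r"^Unauthenticated request \w+, [^,]+, no token found\.$")
AUTHORIZED = re.compile(
    r"^Authorized request \w+ \S+\. The rule provider (?P<rule>\S+) authorized the request\.$")


def triage(log_text):
    """Return one summary dict per 'Received Request' line, in log order."""
    summaries, current = [], {}          # current: thread name -> open summary
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue                     # continuation line or stack trace
        thread, msg = line["thread"], line["msg"]
        start = RECEIVED.search(msg)
        if start:
            current[thread] = {"request": f"{start['method']} {start['path']}",
                               "token_found": None, "authorized_by": None}
            summaries.append(current[thread])
        elif thread in current:
            if NO_TOKEN.match(msg):
                current[thread]["token_found"] = False
            else:
                ok = AUTHORIZED.match(msg)
                if ok:
                    current[thread]["authorized_by"] = ok["rule"]
    return summaries


def verdict(summary):
    """Say where to look next for a 401 on this request."""
    if summary["authorized_by"]:
        # Assumption: an authorized request proceeds to the matched controller.
        return "filter authorized the request; check the controller/authentication step"
    return "no authorization decision logged; check the security rules"


if __name__ == "__main__":
    for s in triage(SAMPLE_LOG):
        print(s["request"], s, "->", verdict(s))
```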