[Socorro] Problema com SecurityFilterChain

O SecurityFilterChain nao deixa passar as outras requisiçoes, apenas a de login com permitAll()


@Configuration
@EnableWebSecurity
public class SecurityConfigurations {
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception{
        return
                http.csrf(csrf -> csrf.disable())
                        .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                        .authorizeHttpRequests(req -> {
                            req.requestMatchers("/auth/login").permitAll();
                            req.anyRequest().authenticated();
                        })

                        .build();


    }
    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration configuration) throws Exception {
        return configuration.getAuthenticationManager();
    }

    @Bean
    public PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }


}



@RequestMapping("auth")
@RestController
public class AutenticationController {

    @Autowired
    private AuthenticationManager manager;
    @Autowired
    private TokenService tokenService;
    @PostMapping("/login")
    @Transactional
    public ResponseEntity login(@Valid @RequestBody DadosAutenticationDTO dados){
        var authenticationToken = new UsernamePasswordAuthenticationToken(dados.login(),dados.senha());
        var authentication = manager.authenticate(authenticationToken);
        var tokenJWT = tokenService.gerarToken((Usuario) authentication.getPrincipal());
        return ResponseEntity.ok(new TokenDTO(tokenJWT));
    }
}



@Component
public class FilterSecurity extends OncePerRequestFilter {
    @Autowired
    private TokenService tokenService;
    @Autowired
    private UsuarioRepository usuarioRepository;
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
        System.out.println("FILTRO CHAMADO");
        System.out.println("request: "+request);
        var token = recuperarToken(request);
        System.out.println(token);
        if (token != null) {
            var subject = tokenService.getSubject(token);
            var usuario = usuarioRepository.findByNome(subject);

            var authentication = new UsernamePasswordAuthenticationToken(usuario,null, usuario.getAuthorities());
            SecurityContextHolder.getContext().setAuthentication(authentication);
        }

        filterChain.doFilter(request, response);
    }

    private String recuperarToken(HttpServletRequest request) {
        var authorizationHeader = request.getHeader("Authorization");
        if (authorizationHeader != null) {
            return authorizationHeader.replace("Bearer ", "");
        }

        return null;
    }



}

ja fiz alguns teste com "System.out.println("FILTRO CHAMADO");", o filtro só é chamado pro login e só funciona com as outras requisiçoes se eu colocar junto no "req.requestMatchers("/auth/login" ,"/medico).permitAll();" , aí sim aparece o token, verifica corretamente e faz validação daquela rota.

já nao sei mais oque tentar ;-;

Mergulhe em IA generativa do zero com Alura e Google

5 aulas gratuitas | com certificado