Todas as requisições que faço para o post estão recebendo 403. Tanto o basic quanto no jwt.
Segue a classe de configuração:
package com.counterbalance.forum.config
import com.counterbalance.forum.security.JWTAuthenticationFilter
import com.counterbalance.forum.security.JWTLoginFilter
import org.h2.server.web.WebServlet
import org.springframework.boot.web.servlet.ServletRegistrationBean
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.http.HttpMethod
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.http.SessionCreationPolicy
import org.springframework.security.core.userdetails.UserDetailsService
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
import org.springframework.web.filter.OncePerRequestFilter
@Configuration
@EnableWebSecurity
class SecurityConfiguration(
private val userDetailService: UserDetailsService,
private val jwtUtil: JwtUtil
) : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity?) {
http?.
csrf()?.disable()?.
authorizeRequests()?.
//antMatchers("/topics")?.hasAnyAuthority("READ_WRITE")?.
antMatchers("/h2-console/*")?.permitAll()?.
antMatchers(HttpMethod.POST,"/login")?.permitAll()?.
anyRequest()?.
authenticated()?.
and()
http?.addFilterBefore(JWTLoginFilter(authManager = authenticationManager(), jwtUtil = jwtUtil ), UsernamePasswordAuthenticationFilter().javaClass)
http?.addFilterBefore(JWTAuthenticationFilter(jwtUtil = jwtUtil), UsernamePasswordAuthenticationFilter().javaClass)
http?.sessionManagement()?.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
}
@Bean
fun bCryptPasswordEncoder(): BCryptPasswordEncoder{
return BCryptPasswordEncoder()
}
override fun configure(auth: AuthenticationManagerBuilder?) {
auth?.userDetailsService(userDetailService)?.passwordEncoder(bCryptPasswordEncoder())
}
// @Bean
// fun h2servletRegistration(): ServletRegistrationBean<*>? {
// val registrationBean: ServletRegistrationBean<*> = ServletRegistrationBean(WebServlet())
// registrationBean.addUrlMappings("/h2-console/*")
// return registrationBean
// }
}
att