Todas as requisições que faço para o post estão recebendo 403. Tanto o basic quanto no jwt. Segue a classe de configuração: ``` package com.counterbalance.forum.config import

Bruno, boa tarde. Vc consegue ver no log da aplicação se está buscando o usuário no banco de dados?

Todas as requisições que faço para o post estão recebendo 403. Tanto o basic quanto no jwt. | Kotlin e Spring: segurança e infraestrutura

Todas as requisições que faço para o post estão recebendo 403. Tanto o basic quanto no jwt.

Segue a classe de configuração:


package com.counterbalance.forum.config

import com.counterbalance.forum.security.JWTAuthenticationFilter
import com.counterbalance.forum.security.JWTLoginFilter
import org.h2.server.web.WebServlet
import org.springframework.boot.web.servlet.ServletRegistrationBean
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.http.HttpMethod
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.config.http.SessionCreationPolicy
import org.springframework.security.core.userdetails.UserDetailsService
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
import org.springframework.web.filter.OncePerRequestFilter


@Configuration
@EnableWebSecurity
class SecurityConfiguration(
    private val userDetailService: UserDetailsService,
    private val jwtUtil: JwtUtil
) : WebSecurityConfigurerAdapter() {

    override fun configure(http: HttpSecurity?) {
        http?.
        csrf()?.disable()?.
        authorizeRequests()?.
        //antMatchers("/topics")?.hasAnyAuthority("READ_WRITE")?.
        antMatchers("/h2-console/*")?.permitAll()?.
        antMatchers(HttpMethod.POST,"/login")?.permitAll()?.
        anyRequest()?.
        authenticated()?.
        and()
        http?.addFilterBefore(JWTLoginFilter(authManager = authenticationManager(), jwtUtil = jwtUtil ), UsernamePasswordAuthenticationFilter().javaClass)
        http?.addFilterBefore(JWTAuthenticationFilter(jwtUtil = jwtUtil), UsernamePasswordAuthenticationFilter().javaClass)
        http?.sessionManagement()?.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
    }

    @Bean
    fun bCryptPasswordEncoder(): BCryptPasswordEncoder{
        return BCryptPasswordEncoder()
    }

    override fun configure(auth: AuthenticationManagerBuilder?) {
        auth?.userDetailsService(userDetailService)?.passwordEncoder(bCryptPasswordEncoder())
    }

//    @Bean
//    fun h2servletRegistration(): ServletRegistrationBean<*>? {
//        val registrationBean: ServletRegistrationBean<*> = ServletRegistrationBean(WebServlet())
//        registrationBean.addUrlMappings("/h2-console/*")
//        return registrationBean
//    }
}

att

Chegou a hora de transformar