I created a very simple SpringBoot app (pretty much a CRUD) and added JWT auth for users. The requests are all tested with postman and are working fine and interacting with the db without in cloud without any issues. My configuration class looks like this:
@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class WebSecurityConfig {
private final JwtAuthenticationFilter jwtAuthFilter;
private final AuthenticationProvider authenticationProvider;
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http, JwtAuthenticationFilter jwtAuthenticationFilter) throws Exception {
http
.csrf(AbstractHttpConfigurer::disable)
.cors(Customizer.withDefaults())
.authorizeHttpRequests((authorizeHttpRequests) ->
authorizeHttpRequests
.requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
.requestMatchers("/auth/**").permitAll()
.anyRequest().authenticated()
)
.sessionManagement((sessionManagement) ->
sessionManagement
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
)
.authenticationProvider(authenticationProvider)
.addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class);
return http.build();
}}
The issue I get is that even though with this configuration the requests are working fine with postman, when I make the same request from a React App I’m getting the errors:
I’m not sure what configuration could be missing. In console I get:
2
Answers
The issue was the order in the config class, after changing:
to:
it worked just fine
You need to allow the host of the client: