All requests to /graphql always result in 401 unauthorized status (Spring boot 3.0.0 and WebMvc) #576
Comments
I have the same issue, this may be related to this
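I was starting a new project using spring boot 3.0.0 and was getting the same issue when protecting all endpoints and using JWT with AWS Cognito

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer;
import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class SecurityConfig {
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        return http
                .csrf(CsrfConfigurer::disable)
                .authorizeHttpRequests(auth -> auth
                        .anyRequest().authenticated())
                .securityContext(context -> context.requireExplicitSave(false)) // <<<---------
                .oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt)
                .sessionManagement(session -> session
                        .sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .build();
    }
}
```

What solved the issue for me, at least for now (keep in mind this is a brand new project), was to add this line: `.securityContext(context -> context.requireExplicitSave(false))`

I'm not sure yet why it worked setting this to

Here is my repo with the project example.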
Had the same issue, and upgraded to 3.0.1 to fix it. I think it's fixed in 3.0.1.
Awesome, just tested here upgrading to 3.0.1 and it worked like a charm. Thanks @m-thirumal for the tip 🙌
Proof example app with details in README.md: https://github.com/ohapegor/spring-graphql-security-bug