TechQA.

Configuring security in Spring boot 3.1

72 views Asked by At

I'm migrating from Spring boot 2.5 to 3.1 and I'm having issues getting the security configuration working.

This is my current configuration:

@Configuration
public class ResourceServerConfig {

    private static final String[] WHITELISTED_ENDPOINTS = {
        "/docs",
        "/swagger-ui/**",
        "/swagger-ui.html",
        "/swagger-resources/**",
        "/v2/**", "/v3/**",
        "/webjars/**",
        "/css/corner-ribbon.css",
        "/actuator/**",
        "/api/health",
        "/camunda-welcome/**",
        "/camunda/**",
        "/api/engine/**",
        "/api/admin/**",
        "/api/cockpit/**",
        "/app/**",
        "/lib/**",
        "/api/tasklist/**"
    };

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        return http
            .csrf(AbstractHttpConfigurer::disable)
            .authorizeHttpRequests(
                authorize -> authorize.requestMatchers(WHITELISTED_ENDPOINTS)
                    .permitAll()
                    .anyRequest()
                    .authenticated())
            .oauth2ResourceServer(oauth2 -> oauth2.jwt(Customizer.withDefaults()))
            .build();
    }

}

Error:

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'securityFilterChain' defined in some.org.security.ResourceServerConfig: Failed to instantiate [org.springframework.security.web.SecurityFilterChain]: Factory method 'securityFilterChain' threw exception with message: This method cannot decide whether these patterns are Spring MVC patterns or not. If this endpoint is a Spring MVC endpoint, please use requestMatchers(MvcRequestMatcher); otherwise, please use requestMatchers(AntPathRequestMatcher).

This is because there is more than one mappable servlet in your servlet context: {org.glassfish.jersey.servlet.ServletContainer=[/camunda/api/admin/*], org.springframework.web.servlet.DispatcherServlet=[/]}.

I'm assuming the issue is here: The main server is tomcat but the application has jersey config for Camunda rest engine

@Component
@ApplicationPath("/engine-rest")
public class CustomCamundaJerseyResourceConfig extends CamundaJerseyResourceConfig {
    protected void registerCamundaRestResources() {
        super.registerCamundaRestResources();
    }
}

It was working on spring boot 2.5, any idea how to get it working on 3.1?

java spring-boot spring-security spring-resource-server
Original Q&A
0

There are 0 answers

Related Questions in JAVA

Related Questions in SPRING-BOOT

Related Questions in SPRING-SECURITY

Related Questions in SPRING-RESOURCE-SERVER

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions