Spring security issues happening after deployment on linode
I deployed my spring boot application on linode which is also having spring security with jwt authentication. now i am trying to access mapping which is permitted to use without any authentication though the same code works in my local environment I am not able to use it from linode tried it for many times but still not able to find solution can someone give me any idea where i am going wrong see my code for reference
public class SecurityConfig extends WebSecurityConfigurerAdapter {
private static final String PUBLIC_URLS[] = { "/token/**","/webjars/**","/api/v1/user-handle/login","/createRole","/api/v1/user-handle/create" };
@Autowired
private CustomUserDetailsService customUserService;
@Autowired
private JwtAuthenticationEntryPoint authenticationEntryPoint;
@Autowired
private JwtAuthenticationFilter authenticationFilter;
@Override
protected void configure(HttpSecurity http) throws Exception {
//http.cors() method was really important as it was enabling cors support with
// spring security and was able to authorize resources on the mappings
//provided in public urls else i was getting eeror from frontend cors not
//allowed
http.cors()
.and()
.authorizeHttpRequests()
.antMatchers(PUBLIC_URLS)
.permitAll()
.antMatchers(HttpMethod.GET)
.permitAll()
.anyRequest()
.authenticated()
.and()
.exceptionHandling()
.authenticationEntryPoint(this.authenticationEntryPoint)
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.csrf().disable();
http.addFilterBefore(authenticationFilter, UsernamePasswordAuthenticationFilter.class);
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(customUserService).passwordEncoder(NoOpPasswordEncoder.getInstance());
}
}
in public urls array u can see /api/v1/user-handle/create mapping which i have permitted to access it without any authentication but still after deployment on linode it's not working and on local dev it's working please help
1 Reply
CassandraD
Linode Staff
✓ Best Answer
I'm not familiar with Spring Boot Applications, but we have a guide showing customers how to Deploy Spring Boot Applications for NGINX on Ubuntu 22.04 so I'm not aware of any reason this wouldn't work on Linode.
Looking at that guide, it says:
Inside the class, add the Spring @RequestMapping annotation. This technique maps a URL to a Spring function.
Making sure that @RequestMapping is in the code for the appropriate file may help.
I also wanted to share this Medium article about Implementing JSON Web Token (JWT) Authentication using Spring Security, which provides a detailed walkthrough that may offer point you in the right direction.
You also could navigate to your IP address to search for any errors that may be displayed there. It doesn't seem like Spring.io has an official forum, but you can search sites like StackOverflow, ServerFault or just Google the error. You can also browse the official Spring Boot documentation to see if something there can help.
Lastly, since you're having trouble accessing something through your Linode that is working locally, I'd recommend making sure that any needed ports are open and not blocked by a firewall, which you can do with the port-scanning toolnmap. Most of what I've read points to these applications using port 8080, but you may have configured something differently.