I'm trying to understand how Micronaut Security works, but the documentation is not helping me.

I'm using Java 23, Micronaut 4.7.4, Micronaut Security 4.11.2. I created an AuthenticationProvider that generates a JWT.

My application.yaml looks like this:

    micronaut:
      security:
        enabled: true
        authentication: bearer
        token:
          jwt:
            enabled: true
          bearer:
            prefix: Bearer
            header-name: Authorization

I have created a controller with 5 paths. 4 of them work without problems, but the one with DELETE raises an AuthorizationException.

The @Secured annotation is working. If I remove it, any request is blocked.

Why is the DELETE request being blocked, since a valid JWT was provided? I tried to add ROLE_ADMIN to the user roles, but it made no difference.

    @Controller("/v1/resource")
    @Secured(SecurityRule.IS_AUTHENTICATED)
    public class ResourceController {

        @Get
        public Page<Entity> findAll(Pageable pageable);

        @Get("/{id}")
        public Entity findById(@PathVariable("id") UUID id);

        @Post
        @Status(HttpStatus.CREATED)
        public Entity create(@Body EntityDTO dto);

        @Patch("/{id}")
        public Entity update(@PathVariable("id") UUID id, @Body EntityDTO dto);

        @Delete("/{id}")
        public Entity deleteCategory(@PathVariable("id") UUID id);
    }

What am I doing wrong?

Asked Jan 27 at 23:35 by Maximiliano Nunes Catarino

Comment:
Can you provide further details? For example full request / response conversation. Security logs (set io.micronaut.security Logger to TRACE) – saw303, commented Jan 28 at 5:42

1 Answer

The problem was the micronaut-security-csrf enabled by default on DELETE requests.