Reputation: 124
Spring Boot with Jersey basic authentication always 404
I try to create a SpringBoot application using jersey and spring security. I want to protect my whole application using basic authentication. My Security configuration:
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(jsr250Enabled = true, securedEnabled = true, prePostEnabled = true)
public class WebSerucityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().authenticated().and().httpBasic();
@Override
public void configure(WebSecurity web) throws Exception {
web.debug(true);
}
@Autowired(required = false)
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER").and()
.withUser("admin").password("password").roles("USER", "ADMIN");
}
}
My Jersey controller:
@Component
@Path("/")
public class Home {
@GET
@Produces("application/json")
public String list() {
String email = (String) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
return email;
}
}
Without Spring security (if I permit all request) the application controller run, but if I enable httpBasic authentication I always get http 404.
Any idea?
Upvotes: 2
Views: 1989
Answers (1)
Reputation: 82
It is because Jersey and Spring MVC is mapping to the same place - to root context "/".
Check your logs: Spring’s Dispatcher Servlet is registered after Jersey Servlet (check ServletRegistrationBean phrase in your logs).
And the scenario is:
- You sent request for example using curl
- Jersey tried to handle your request but HTTP Error 401 Unauthorized appeared
- Now Spring MVC tried to handle your request
- But you haven't configured this particular context in Spring MVC so Http Error 404 Not found appeared
That's why you have always this 404.
The easiest solution is to add property in your application.properties
server.servlet-path=/some_context_for_spring_mvc
It makes that Jersey will be mapped to root "/" but Spring MVC to some_context_for_spring_mvc - and now conflict between Jersey and Spring MVC disappear.
More details about Spring MVC in Spring Boot you can find here:
Spring Boot wants to serve all content from the root of your application / down. If you would rather map your own servlet to that URL you can do it, but of course you may lose some of the other Boot MVC features. To add your own servlet and map it to the root resource just declare a @Bean of type Servlet and give it the special bean name dispatcherServlet (You can also create a bean of a different type with that name if you want to switch it off and not replace it).
I hope this helps.
Upvotes: 5
Related Questions
- Jersey returns 404 with any error status code?
- Spring Boot Jersey Autconfiguration
- Spring Security HTTP 403 Forbidden
- Spring boot basic auth always gives 401 error
- Spring Boot v1.5.3.RELEASE with Jersey 2 return 404 to all requests JSON
- Spring Boot with Jersey and Spring Security OAuth2
- Spring Security Basic Authentication always causes 404
- Jersey & Spring Boot turns non-ok response statuses to 404
- Jersey with Spring-Security DB login keeps redirecting to Login Page
- Cannot integrate Spring Security BASIC Authentication into Jersey/JAX-RS and Tomcat