Maximiliano Nunes Catarino
Reputation: 558
Micronaut Security raise an AuthorizationException for a DELETE route for a valid JWT and authorized user
I'm trying to understand how Micronaut Security works, but the documentation is not helping me.
I'm using Java 23, Micronaut 4.7.4, Micronaut Security 4.11.2. I created an AuthenticationProvider that generates a JWT.
My application.yaml look like this.
micronaut:
security:
enabled: true
authentication: bearer
token:
jwt:
enabled: true
bearer:
prefix: Bearer
header-name: Authorization
I have created a controller with 5 paths, 4 of them works without problems, but the one with DELETE raise an AuthorizationException.
The @Secured annotation is working. If I remove it, any request is blocked.
Why the DELETE request is being blocked, since a valid JWT was provided? I tryed to add ROLE_ADMIN to the user roles, but did no difference.
@Controller("/v1/resource")
@Secured(SecurityRule.IS_AUTHENTICATED)
public class ResourceController {
@Get
public Page<Entity> findAll(Pageable pageable);
@Get("/{id}")
public Entity findById(@PathVariable("id") UUID id);
@Post
@Status(HttpStatus.CREATED)
public Entity create(@Body EntityDTO dto);
@Patch("/{id}")
public Entity update(@PathVariable("id") UUID id, @Body EntityDTO dto);
@Delete("/{id}")
public Entity deleteCategory(@PathVariable("id") UUID id);
}
What I'm doing wrong?
Upvotes: 0
Views: 20
Answers (0)
Related Questions
- What is secret key for JWT based authentication and how to generate it?
- Micronaut Application, with security configured, returns Http 403 for js and css files
- Custom JWT expiration in micronaut security
- Validating authorized & Unauthorized User (JWT ReactJS-Laravel)
- How to use Keycloak JWT for authentication in Micronaut GraphQL
- How do I load a "user" in a micronaut backend when JWT is provided
- Swagger open API definition not working with Micronaut JWT security Micronaut version 2.2.1