Open
Description
I think in this line you should use addFilterBefore() instead of addFilterAfter(). First, we should look for a token, and if it is present and valid, we should skip authentication. But if you use addFilterAfter(), you authenticate every time and won't use the JWT token (of course, only if you provide username/password).
spring-boot-security-course/src/main/java/com/example/demo/security/ApplicationSecurityConfig.java
Line 53 in 78d6448
```java
.addFilterAfter(new JwtTokenVerifier(secretKey, jwtConfig),JwtUsernameAndPasswordAuthenticationFilter.class)
```
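Added example, not code from the repository: a plain-Java stand-in for the filter chain that traces a login request and a token-bearing request under both orderings. The filter behaviours, the class name and the request paths are assumptions: the credentials filter is assumed to act only on POST /login and to end the chain there (the default matcher of Spring's UsernamePasswordAuthenticationFilter), and the verifier is assumed to pass requests without a Bearer header through.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration: models filter ordering only, no Spring classes involved.
public class FilterOrderDemo {
    static class Request {
        final String method, path, authorization; // authorization may be null
        Request(String method, String path, String authorization) {
            this.method = method; this.path = path; this.authorization = authorization;
        }
    }

    // Returns true when the request should continue down the chain.
    interface Filter { boolean handle(Request r, List<String> trace); }

    // Assumption: acts only on POST /login and stops the chain after issuing a token.
    static final Filter LOGIN = (r, trace) -> {
        if (!("POST".equals(r.method) && "/login".equals(r.path))) return true;
        trace.add("login filter: credentials checked, token issued");
        return false;
    };

    // Assumption: verifies a Bearer token when present, otherwise passes through.
    static final Filter VERIFIER = (r, trace) -> {
        boolean hasToken = r.authorization != null && r.authorization.startsWith("Bearer ");
        trace.add(hasToken ? "verifier: token verified" : "verifier: no token, pass through");
        return true;
    };

    static List<String> run(List<Filter> chain, Request r) {
        List<String> trace = new ArrayList<>();
        for (Filter f : chain) {
            if (!f.handle(r, trace)) return trace; // a filter ended the chain
        }
        trace.add("rest of chain");
        return trace;
    }

    public static void main(String[] args) {
        Request login = new Request("POST", "/login", null);                   // constructed
        Request api = new Request("GET", "/api/v1/students", "Bearer x.y.z");  // constructed
        List<Filter> after = List.of(LOGIN, VERIFIER);   // order produced by addFilterAfter
        List<Filter> before = List.of(VERIFIER, LOGIN);  // order produced by addFilterBefore
        System.out.println("after,  login: " + run(after, login));
        System.out.println("after,  api:   " + run(after, api));
        System.out.println("before, login: " + run(before, login));
        System.out.println("before, api:   " + run(before, api));
    }
}
```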