AccessDeniedException after migration to Spring Boot 3.0.x #12758
Comments
Hi @Simulant87, there are a few things going on here related to Spring Security 6:
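Since you are returning a In order to make it available for subsequent dispatches, you can save the

```kotlin
import jakarta.servlet.FilterChain
import jakarta.servlet.http.HttpServletRequest
import jakarta.servlet.http.HttpServletResponse
import org.springframework.security.core.context.SecurityContextHolder
import org.springframework.security.web.context.RequestAttributeSecurityContextRepository
import org.springframework.web.filter.OncePerRequestFilter

class JwtAuthenticationFilter : OncePerRequestFilter() {
    // Stores the SecurityContext as a request attribute so later dispatches of the same request can load it
    private val repository = RequestAttributeSecurityContextRepository()

    override fun doFilterInternal(
        request: HttpServletRequest,
        response: HttpServletResponse,
        filterChain: FilterChain,
    ) {
        val authToken = "test"
        val context = SecurityContextHolder.createEmptyContext()
        context.authentication = JwtUser(authToken)
        SecurityContextHolder.setContext(context)
        // Explicitly save the context; setting it on the holder alone does not persist it
        this.repository.saveContext(context, request, response)
        filterChain.doFilter(request, response)
    }
}
```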
|
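A regression check for the fix in the comment above, as an added example that is not part of the thread or of Spring Security's own code: it drives both dispatches of a streamed download through MockMvc and asserts that the second (ASYNC) dispatch is still authorized. The `/download` endpoint, the bearer token value and the test class name are assumptions; the test expects the application's security filter chain, including `JwtAuthenticationFilter`, to be loaded.

```kotlin
import org.junit.jupiter.api.Test
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc
import org.springframework.boot.test.context.SpringBootTest
import org.springframework.test.web.servlet.MockMvc
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders.asyncDispatch
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get
import org.springframework.test.web.servlet.result.MockMvcResultMatchers.request
import org.springframework.test.web.servlet.result.MockMvcResultMatchers.status

// Hypothetical test class; loads the full application context so the
// real SecurityFilterChain is applied to MockMvc requests.
@SpringBootTest
@AutoConfigureMockMvc
class StreamingDownloadSecurityTest {

    @Autowired
    lateinit var mockMvc: MockMvc

    @Test
    fun `authentication survives the async dispatch of a streamed download`() {
        // First dispatch (REQUEST): the filter authenticates the caller and the
        // controller returns a StreamingResponseBody, which starts async processing.
        // "/download" and the token value are assumptions (constructed for this example).
        val started = mockMvc.perform(
            get("/download").header("Authorization", "Bearer constructed-test-token")
        )
            .andExpect(request().asyncStarted())
            .andReturn()

        // Second dispatch (ASYNC): the same request passes through the security
        // filter chain again. OncePerRequestFilter skips async dispatches by
        // default, so the authentication must come from the saved SecurityContext.
        mockMvc.perform(asyncDispatch(started))
            .andExpect(status().isOk())
    }
}
```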
Thank you very much for explaining the background and providing the example code. This works very well. |
Thanks again, I spent a lot of time on java. Finally, I solved it with your answer. |
Guys, I'm still having the same problem, could someone show me an example of corrected code? |
Hey, I have a similar one, did you solve it? |
Thank you so much! You saved my life! Even ChatGPT doesn't know how to resolve this and it took me quite a long while. |
I have a RestController with a org.springframework.web.servlet.mvc.method.annotation.StreamingResponseBody to download a file and a SecurityFilterChain working fine with SpringBoot 2.7.8. I now migrated the project to SpringBoot 3.0.2 and from the outside the application is working fine, the files are downloaded correctly, but I noticed 4 new Errors in the logs every time I downloaded a file.

I created a reproducible example project here: https://github.com/Simulant87/access-denied-exception-issue showcasing the issue on the main branch and the previously working configuration without the logged exceptions on another branch Simulant87/access-denied-exception-issue#1
These are the Errors I get:
1:
2:
3:
4:
In my project I use Kotlin.
This is my SecurityFilterChain:
I currently see this as a bug, as I didn't have these error logs in the previous version of Spring Boot, but it might also be a configuration change I did not migrate correctly.
It looks like the SecurityContextHolder is cleaned up too early, as in the processing of the filter chain, after the response is already received by the user, there is still some access to the authentication scope required, which is then no longer available.