Spring security has had full JWT-support since 2017.
Writing a custom security solution with some sort of custom security filter is bad practice. Thats why there are security standards, to avoid writing custom security solutions.
The spring security documentation has clear instructions on how to handle JWTs and this is not it.
Hi after implementing the spring security with jwt token it is working as expected with known API urls but when I hit with unknown URL, get 401 authorized error and if any exception is raised at runtime also gets 401 authorized because fo the below exception in Cansole.
getting org. spring framework.security.authentication.InsufficientAuthenticationException
do I need to add any filter in AuthEntryPointJwt under the commence? I just wanted to ignore the authentication filter if there is any unknown API hit that came to the application and should throw the NoHandlerFoundException custom exception error with below handler. how can I do that?
@ExceptionHandler(NoHandlerFoundException.class)
public ResponseEntity handle(NoHandlerFoundException ex){
return new ResponseEntity<>(APIError.createInstance(HttpStatus.NOT_FOUND.toString(),
List.of(new ErrorDetails(ex.getMessage(),null))), null, HttpStatus.NOT_FOUND);
}
2023-06-13T15:35:30.978+05:30 INFO 27060 --- [on(5)-127.0.0.1] inMXBeanRegistrar$SpringApplicationAdmin : Application shutdown requested.
2023-06-13T15:35:31.139+05:30 INFO 27060 --- [on(5)-127.0.0.1] o.apache.catalina.core.StandardService : Stopping service [Tomcat]
2023-06-13T15:35:31.152+05:30 WARN 27060 --- [on(5)-127.0.0.1] o.a.c.loader.WebappClassLoaderBase : The web application [ROOT] appears to have started a thread named [HikariPool-1 housekeeper] but has failed to stop it. This is very likely to create a memory leak. Stack trace of thread: [email protected]/jdk.internal.misc.Unsafe.park(Native Method) [email protected]/java.util.concurrent.locks.LockSupport.parkNanos(LockSupport.java:252) [email protected]/java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject.awaitNanos(AbstractQueuedSynchronizer.java:1672) [email protected]/java.util.concurrent.ScheduledThreadPoolExecutor$DelayedWorkQueue.take(ScheduledThreadPoolExecutor.java:1182) [email protected]/java.util.concurrent.ScheduledThreadPoolExecutor$DelayedWorkQueue.take(ScheduledThreadPoolExecutor.java:899) [email protected]/java.util.concurrent.ThreadPoolExecutor.getTask(ThreadPoolExecutor.java:1062) [email protected]/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1122) [email protected]/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) [email protected]/java.lang.Thread.run(Thread.java:833)
2023-06-13T15:35:31.171+05:30 INFO 27060 --- [on(5)-127.0.0.1] j.LocalContainerEntityManagerFactoryBean : Closing JPA EntityManagerFactory for persistence unit 'default'
2023-06-13T15:35:31.176+05:30 INFO 27060 --- [on(5)-127.0.0.1] com.zaxxer.hikari.HikariDataSource : HikariPool-1 - Shutdown initiated...
2023-06-13T15:35:31.199+05:30 INFO 27060 --- [on(5)-127.0.0.1] com.zaxxer.hikari.HikariDataSource : HikariPool-1 - Shutdown completed.