koushikkothagal / spring-security-jwt Goto Github PK

I am getting 403 - Forbidden error on Postman after sending valid token in the header.

There is an authentication bypass in the whole project, correct me if wrong. Steps to reproduce:

1. Import project from version control.
2. Do a post request on /authenticate endpoint with the following body: {"username":"random","password":"foo"}
   When matching at least the password field the caller gets a response with a valid token matching the correct user.
   Username can be anything.

SecurityConfigurer.java missing

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.NullPointerException: Cannot invoke "Object.getClass()" because "filter" is null

the override of the configure(httpSecurity) method always returns 200 ok for "/authenticate" endpoint and the break point in the respective function is not reached.

how to solve this?

In this application, there should be RestController unable to find. Are you forgot to push? to repo

Please add refresh token functionality so that access token's expiry can be made lesser.