I am working on a react and springboot application and am getting 401 error whenever I make a call to this endpoint 
Other endpoints are working fine.
I'm not too sure what's causing the issue.
I have 2 configuration files as follows:
DataRestConfig.java
package com.luv2code.springbootlibrary.config;
import com.luv2code.springbootlibrary.entity.Book;
import com.luv2code.springbootlibrary.entity.Review;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.rest.core.config.RepositoryRestConfiguration;
import org.springframework.data.rest.webmvc.config.RepositoryRestConfigurer;
import org.springframework.http.HttpMethod;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
@Configuration
public class MyDataRestConfig implements RepositoryRestConfigurer {
private String theAllowedOrigins = "http://localhost:3000";
@Override
public void configureRepositoryRestConfiguration(RepositoryRestConfiguration config, CorsRegistry cors) {
HttpMethod[] theUnsupportedActions = {HttpMethod.POST,HttpMethod.PATCH,HttpMethod.DELETE,HttpMethod.PUT };
config.exposeIdsFor(Book.class);
config.exposeIdsFor(Review.class);
disableHttpMethods(Book.class, config, theUnsupportedActions);
disableHttpMethods(Review.class, config, theUnsupportedActions);
// Configure CORS Mapping
cors.addMapping(config.getBasePath() + "/**")
.allowedOrigins(theAllowedOrigins);
}
private void disableHttpMethods(Class theClass, RepositoryRestConfiguration config, HttpMethod[] theUnsupportedActions) {
config.getExposureConfiguration()
.forDomainType(theClass)
.withItemExposure((metadata, httpMethods) -> httpMethods.disable(theUnsupportedActions))
.withCollectionExposure((metadata, httpMethods) -> httpMethods.disable(theUnsupportedActions));
}
}
SecurityConfiguration.java
package com.luv2code.springbootlibrary.config;
import com.okta.spring.boot.oauth.Okta;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.accept.ContentNegotiationStrategy;
import org.springframework.web.accept.HeaderContentNegotiationStrategy;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
@Configuration
public class SecurityConfiguration {
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
// Disable cross site request forgery
http.csrf(csrf -> csrf.disable())
.cors(cors -> {
cors.configurationSource(corsConfigurationSource());
})
// Protect endpoints at /api/<type>/secure
.authorizeHttpRequests(auth -> auth
.requestMatchers("/api/books/secure/**").authenticated())
.oauth2ResourceServer((oauth2) -> oauth2
.jwt(Customizer.withDefaults())
)
// Add content negotiation strategy
.setSharedObject(ContentNegotiationStrategy.class,
new HeaderContentNegotiationStrategy());
return http.build();
}
@Bean
public CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.addAllowedOrigin("http://localhost:3000");
configuration.addAllowedMethod("*");
configuration.addAllowedHeader("*");
configuration.setAllowCredentials(true);
UrlBasedCorsConfigurationSource source = new
UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
}
I am using okta-spring-boot-starter v2.1.6 and spring-boot-starter-parent v3.1.4.
BookRepository.java
package com.luv2code.springbootlibrary.dao;
import com.luv2code.springbootlibrary.entity.Book;
import org.springframework.data.domain.Page;
import org.springframework.data.domain.Pageable;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.web.bind.annotation.RequestParam;
public interface BookRepository extends JpaRepository<Book,Long> {
Page<Book> findByTitleContaining(@RequestParam("title") String title, Pageable pageable);
Page<Book> findByCategory(@RequestParam("category") String category, Pageable pageable);
}
BookController.java
package com.luv2code.springbootlibrary.controller;
import com.luv2code.springbootlibrary.entity.Book;
import com.luv2code.springbootlibrary.service.BookService;
import com.luv2code.springbootlibrary.utils.ExtractJWT;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;
@CrossOrigin("http://localhost:3000")
@RestController
@RequestMapping("/api/books")
public class BookController {
private BookService bookService;
@Autowired //allows you to create Bean without using new keyword
public BookController(BookService bookService) {
this.bookService = bookService;
}
@GetMapping("/secure/currentloans/count")
public int currentLoansCount(@RequestHeader(value="Authorization") String token) {
String userEmail = ExtractJWT.payloadJWTExtract(token, "\"sub\"");
return bookService.currentLoansCount(userEmail);
}
@GetMapping("/secure/ischeckedout/byuser")
public Boolean checkoutBookByUser(@RequestHeader(value="Authorization") String token,
@RequestParam Long bookId) {
String userEmail = ExtractJWT.payloadJWTExtract(token, "\"sub\"");
// System.out.println("user " + userEmail);
return bookService.checkoutBookByUser(userEmail, bookId);
}
@PutMapping("/secure/checkout")
public Book checkoutBook(@RequestHeader(value="Authorization") String token,
@RequestParam Long bookId) throws Exception {
String userEmail = ExtractJWT.payloadJWTExtract(token, "\"sub\"");
return bookService.checkoutBook(userEmail, bookId);
}
}
Appreciate my help or ideas, thanks!
Add this line before
http.build()Okta.configureResourceServer401ResponseBody(http);