使用JWT身份验证时，带有config-server的Spring Boot应用程序无法正常工作

Question

I am new to using config server for getting external configuration from Github repository. In my application.yml file of spring boot application I have used below piece of lines and it works fine when I comment JWT authentication part in my application, spring boot application can fetch updated configurations from github repository.

security: basic: enabled: false management: security: enabled: false

My question is what if I don't include above code in my yml file, will it work fine? because when i remove above lines, it throws 401 unauthorized error.

Second thing my spring boot application is secured with JWT authentication, when I enable my JWT authentication with yml file having above piece of code, then on providing valid token also it gives 403 forbidden error.

Someone please guide me how resolve this, I am trying to resolve this from last 1 week but no luck. Thanks in advance.

Answer 1

I believe you have <artifactId>spring-boot-starter-security</artifactId> as a dependency in your POM.xml and therefore you will always get a 401 Unauthorized if you do not provide the default password (which you can see in logs on service startup) and if you have removed that config from your bootstrap.yml

If you are getting a 403 Forbidden, then it means that the user was able to login with credentials (means authenticated successfully) but is not "authorized" to do the action being performed. Check the roles of the user(log them or debug).