I have a question about “AuthenticationFilter.class” in Spring Security
http
    .csrf(AbstractHttpConfigurer::disable)
    .cors(AbstractHttpConfigurer::disable)
    .addFilterAfter(CoustomAuthCheckFilter, UsernamePasswordAuthenticationFilter.class) …
I used AuthenticationFilter.class in the addFilterAfter method and encountered an error. After changing it to UsernamePasswordAuthenticationFilter.class, it worked. Why does the compiler not throw an error when using AuthenticationFilter.class even though it’s not a concrete filter that is typically used directly?
try
http
    .csrf(AbstractHttpConfigurer::disable)
    .cors(AbstractHttpConfigurer::disable)
    .addFilterAfter(CoustomAuthCheckFilter, AuthenticationFilter.class)
I am expecting […]
Spring boot security: Multiple authentication mechanisms on same api path
In one of our services, it is possible to get requests from two sources, internal (within our cluster) and external. For internal requests, the request needs to be validated using a JWT token. For external ones there are just headers that need to be checked.
I want to use the spring default mechanisms for oauth2 where it just validates the token automatically and if the token is not present then check the headers (or vice versa).
The complication is that the API path (endpoints) is the same for both types of requests.
spring security in eclipse
I watched a Spring Security tutorial; in the description there was a GitHub link, so I cloned it. But it's showing some error. I'm attaching a screenshot; it's showing a red line in the userdetails and service class. I'm attaching screenshots about how ChatGPT told me to resolve it. [enter image description here](https://i.sstatic.net/pSnGWBfg.png)
How to specify global settings for Spring Security (SecurityFilterChain)
Suppose I have two SecurityFilterChain-Beans configured.
One provides some general security configuration, for example it could set a CSP header. This bean will be part of a library, since I want to apply it across several applications.
Spring Security redirecting to /login page after whitelisting url
I am trying to access "/" as a non authenticated user. I have implemented only the SecurityFilterChain and the @Controller that only maps that request. So far I have tried various things but I kept the simplest that I think should work.
Implement Spring Security with multiple overlapping AuthenticationProvider
I’m trying to configure my WebSecurityConfigurerAdapter to be able to authenticate two different (and incompatible) authentication flows. To make it simple, the requests sent to the server can have two possible types of token in the header; each type has its own header key (ex: ‘webAuth’ and ‘hardwareAuth’).
Spring Boot security filter chain permitAll does not work as expected
I have a project in the university and I just have the problem that permitAll is not working properly in the security filter chain.
I have two filter chains: the first is for the UI with Keycloak and the second is for public access for “customer” endpoints with apiKey, and some should be accessible to everyone, such as for email verification.
Spring Security: Error while creating security configuration class Factory method – exception with message CompromisedPasswordChecker
I followed the tutorial from this page about creating the class SpringSecurityConfig in order to create a secure API with JWT.
spring boot app is returning 500 instead of a 403 despite defining an @ExceptionHandler @ControllerAdvice
I am trying to return a 403 from my REST API, but Spring Boot is transforming the value into a 500.
Why does an endpoint set as .permitAll() still require authorisation?
Below you can see my SecurityFilterChain bean. I have 3 endpoints in permitAll, but /users/register still needs authorisation, while /users/register/invite/** is fine. Why is this happening?