Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Spring Security always returns 403 for precompiled templates or Kotlin support #440

Open
fabiankuenzer opened this issue Mar 24, 2025 · 0 comments
Open

Spring Security always returns 403 for precompiled templates or Kotlin support #440

fabiankuenzer opened this issue Mar 24, 2025 · 0 comments

Comments

@fabiankuenzer
Copy link

fabiankuenzer commented Mar 24, 2025
edited
Loading

There are several issues for using JTE together with Spring Security.

It only works in development mode

After being able to set up the precompiled templates as described in #438, the Spring Boot application and the tests run as expected. However, visiting /home returns 403 when using gg.jte.gg.jte.use-precompiled-templates=true and gg.jte.development-mode=false. All other endpoints respond as expected. The page is only rendered with gg.jte.development-mode=true.

It does not work in a Docker container

The previous setup returns 403 for /home when running the application in a Docker container based on the eclipse-temurin:17-jdk-ubi9-minimal image. All other endpoints respond as expected.

It does not work together with Kotlin templates

When using Kotlin templates in .kte files and adding compileOnly("gg.jte:jte-kotlin:3.1.16"), visiting /home returns 403 for both, precompiled templates and the use of development mode. All other endpoints respond as expected.

Setup

@Configuration
@EnableWebSecurity
class WebSecurityConfig {
    @Bean
    fun passwordEncoder(): PasswordEncoder = BCryptPasswordEncoder()

    @Bean
    fun filterChain(http: HttpSecurity): DefaultSecurityFilterChain {
        http
            .csrf { it.disable() }
            .authorizeHttpRequests {
                it
                    .requestMatchers(GET, "/home")
                    .permitAll()
                    .requestMatchers(GET, "/foo/**")
                    .permitAll()
                    .requestMatchers(DELETE, "/bar/*")
                    .authenticated()
            }.formLogin {
                it.disable()
            }.httpBasic(Customizer.withDefaults())
        return http.build()
    }

    @Bean
    fun userDetailsService(): UserDetailsService {
        val user =
            User
                .builder()
                .username("foo")
                .password(passwordEncoder().encode("bar"))
                .build()
        return InMemoryUserDetailsManager(user)
    }
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@fabiankuenzer