I am building full stack application (postgreSQL + springboot + react.js). I added a new feature which is really similar to those which are working.

RouteViev controller :

@RestController
@CrossOrigin(origins = {"http://localhost:5173", "https://trains-demo.vercel.app", "https://trains-backend-demo-2gvfwmqjza-lm.a.run.app"}, allowedHeaders = "*", allowCredentials = "true")
public class RouteViewController {
    private final RouteRepository routeViewRepository;

    @Autowired
    public RouteViewController(RouteRepository routeViewRepository) {
        this.routeViewRepository = routeViewRepository;
    }

    @GetMapping("/api/all_routes")
    public List<Route> getAllRoutes() {
        return routeViewRepository.findAll();
    }

    @GetMapping("/api/find_route")
    public List<SpecifiedRouteView> getSpecifiedRoute(@RequestParam LocalDate departure_date,
                                                          @RequestParam String start_station,
                                                          @RequestParam String end_station) {

        Long start_station_id=routeViewRepository.getStationId(start_station.trim());
        Long end_station_id=routeViewRepository.getStationId(end_station.trim());


        return routeViewRepository.getSpecifiedRoute(departure_date, start_station_id, end_station_id);
    }

    @GetMapping(value = "/api/find_schedule")
    public List<ScheduleView> getSchedule(@RequestParam LocalDate departure_date,
                                                          @RequestParam String start_station) {

        Long start_station_id = routeViewRepository.getStationId(start_station.trim());

        return routeViewRepository.getSchedule(departure_date, start_station_id);
    }
}

Route Repository:

@Repository
public interface RouteRepository extends JpaRepository<Route, Long> {

    @Query(nativeQuery = true, value = "SELECT get_station_id(:name)")
    Long getStationId(@Param("name") String name);

    @Query(nativeQuery = true, value = """
    SELECT 
        route_id as routeId, 
        departure_day as departureDay, 
        departure_date as departureDate, 
        departure_time as departureTime, 
        arrival_time as arrivalTime, 
        price
    FROM 
        find_routes(:_departure_date, :_start_station_id, :_end_station_id) AS route
    """)
    List<SpecifiedRouteView> getSpecifiedRoute(@Param("_departure_date") LocalDate departure_date,
                                               @Param("_start_station_id") Long start_station_id,
                                               @Param("_end_station_id") Long end_station_id);

    @Query(nativeQuery = true, value = """
    SELECT 
        route_id AS routeId, 
        departure_day AS departureDay, 
        departure_date AS departureDate, 
        departure_time AS departureTime, 
        start_station_name AS startStationName,
        arrival_time AS arrivalTime,
        end_station_name AS endStationName
    FROM 
        find_schedule(:_departure_date, :_start_station_id)
    """)
    List<ScheduleView> getSchedule(@Param("_departure_date") LocalDate departure_date,
                                   @Param("_start_station_id") Long start_station_id);
}

Endpoint /find_route works absolutely fine, but /find_schedule works only on localhost. When I am deploying springboot to google cloud (I run docker image on cloud run) unfortunately /find_schedule gives 403 error.

I have configured loging and authorization in my app.

WebConfig:

@Configuration
public class WebConfig implements WebMvcConfigurer {

    @Bean
    public WebMvcConfigurer corsConfigurer() {
        return new WebMvcConfigurer() {
            @Override
            public void addCorsMappings(CorsRegistry registry) {
                registry.addMapping("/api/**")
                        .allowedOrigins("http://localhost:5173", "https://trains-demo.vercel.app", "https://trains-backend-demo-2gvfwmqjza-lm.a.run.app")
                        .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
                        .allowedHeaders("*")
                        .allowCredentials(true);
            }
        };
    }
}

SecurityConfig:

@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class SecurityConfig {

    private final JwtAuthenticationFilter jwtAuthFilter;
    private final AuthenticationProvider authenticationProvider;

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http.csrf(AbstractHttpConfigurer::disable)
                .cors(Customizer.withDefaults())
                .authorizeHttpRequests(auth -> auth
                        .requestMatchers("/api/auth/**", "/api/getOccupiedSeats",
                                "/api/find_route", "/api/stations", "/",
                                "/api/find_schedule/**").permitAll()
                        .anyRequest().authenticated()
                )
                .sessionManagement(session -> session
                        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                )
                .authenticationProvider(authenticationProvider)
                .addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class)
                .httpBasic(Customizer.withDefaults());
        return http.build();
    }
}

Rest of the code can be found there github

Additionally, for testing purposes, i created simple /test endpoint returning hello world, on local machine it works fine, but being on google cloud endpoint also gives 403 error. Adding it to authorizeHttpRequest didnt solve the problem. Disabling csrf also. Rest endpoints are working fine with is really confusing. I am out of clue what might cause that problem. Additionally I have problem with expiring JWT tokens, but probably thats another spring security torture story.
I’m begging you, help me before I throw my setup out of window.