Given that i have security config ::

@Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.csrf(AbstractHttpConfigurer::disable)
            .authorizeHttpRequests(authorize -> authorize.requestMatchers("/acme/v1/org/**/transaction"))
            .authorizeHttpRequests(authorize -> authorize.anyRequest().authenticated())
            .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) // (3)
            .oauth2ResourceServer((oauth2) -> oauth2.jwt(Customizer.withDefaults())
                .authenticationEntryPoint(
                        ((request, response, authException) -> filterErrorHandler(request, response, authException))))
            .exceptionHandling(Customizer.withDefaults());

        return http.build();
    }

After successfult validation of JWT Token Its not forwarding request to controller

Log line ::

2024-07-05T19:48:12.170+05:30 DEBUG 200764 --- [MyApplication] [nio-8081-exec-1] o.s.s.o.s.r.a.JwtAuthenticationProvider  : Authenticated token
2024-07-05T19:48:12.171+05:30 DEBUG 200764 --- [MyApplication] [nio-8081-exec-1] .s.r.w.a.BearerTokenAuthenticationFilter : Set SecurityContextHolder to JwtAuthenticationToken [Principal=org.springframework.security.oauth2.jwt.Jwt@9115b79e, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=null], Granted Authorities=[SCOPE_email, SCOPE_profile]]
2024-07-05T19:48:12.175+05:30 DEBUG 200764 --- [MyApplication] [nio-8081-exec-1] o.s.security.web.FilterChainProxy        : Secured POST /acme/v1/org/aaa/transaction
2024-07-05T19:48:12.176+05:30 DEBUG 200764 --- [MyApplication] [nio-8081-exec-1] o.s.web.servlet.DispatcherServlet        : POST "/acme/v1/org/aaa/transaction", parameters={}
2024-07-05T19:48:12.178+05:30 DEBUG 200764 --- [MyApplication] [nio-8081-exec-1] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped to ResourceHttpRequestHandler [classpath [META-INF/resources/], classpath [resources/], classpath [static/], classpath [public/], ServletContext [/]]
2024-07-05T19:48:12.178+05:30 DEBUG 200764 --- [MyApplication] [nio-8081-exec-1] o.j.s.OpenEntityManagerInViewInterceptor : Opening JPA EntityManager in OpenEntityManagerInViewInterceptor
2024-07-05T19:48:12.180+05:30 DEBUG 200764 --- [MyApplication] [nio-8081-exec-1] o.s.w.s.r.ResourceHttpRequestHandler     : Resource not found

However

When i disable the security config ( Remove @EnableWebSecurity ) – the Controller is being hit.

My Contoller ::

public interface Api {

@RequestMapping(method = RequestMethod.POST, value = "/v1/org/{orgCode}/transaction",
            produces = { "application/json" }, consumes = { "application/json" })

    default ResponseEntity<FITracking> initiateFetch(
            @Parameter(name = "orgCode", description = "", required = true,
                    in = ParameterIn.PATH) @PathVariable("orgCode") String orgCode,
            @Parameter(name = "FIRequest", description = "", required = true) @Valid @RequestBody FIRequest fiRequest) {
        return getDelegate().initiateFetch(orgCode, fiRequest);
    }



@Controller
@RequestMapping(path = "/acme")
public class DunesApiController implements DunesApi {
...........................
}

Why its not able to find the endpoint ? If I remove the Security – then it works fine !

• Reuest should reach the Contoller