Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Getting 403 responses for Async REST APIs using Spring MVC after upgrading 2.7.x -> 3.4.x #44911

Closed
edmundham opened this issue Mar 26, 2025 · 1 comment
Closed

Getting 403 responses for Async REST APIs using Spring MVC after upgrading 2.7.x -> 3.4.x #44911

edmundham opened this issue Mar 26, 2025 · 1 comment
Labels
for: external-project For an external project and not something we can fix for: stackoverflow A question that's better suited to stackoverflow.com status: invalid An issue that we don't feel is valid

Comments

@edmundham
Copy link

Problem:

After upgrading our application to Spring Boot 3.4.x from 2.7.x, we are getting 403 from API endpoints that are using Spring MVC with Async annotation.

Background:

  • We are using custom authentication / authorization filter (CustomFilter)
  • We have both Spring MVC and Jersey in our application

demo.zip - There is a postman collection inside.
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Mar 26, 2025
@wilkinsona
Copy link
Member

Thanks for the sample. This isn't a Spring Boot issue as the behavior change that you're seeing is due to a change in Spring Security.

You were relying on Spring Security saving the security context automatically. In Spring Security 6 that no longer happens by default. This is covered in its migration documentation. You should configure a SecurityContextRepository that meets your needs and save the context to the repository as described in Spring Security's documentation.

If you have any further questions, please follow up on Stack Overflow. As mentioned in the guidelines for contributing, we prefer to use GitHub issues only for bugs and enhancements.

@wilkinsona wilkinsona closed this as not planned Won't fix, can't repro, duplicate, stale Mar 26, 2025
@wilkinsona wilkinsona added status: invalid An issue that we don't feel is valid for: stackoverflow A question that's better suited to stackoverflow.com for: external-project For an external project and not something we can fix and removed status: waiting-for-triage An issue we've not yet triaged labels Mar 26, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
for: external-project For an external project and not something we can fix for: stackoverflow A question that's better suited to stackoverflow.com status: invalid An issue that we don't feel is valid
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@wilkinsona @spring-projects-issues @edmundham