posted 4 years ago
Hi,
I am using Spring security to secure my API with Json Web Token,
And I am authenticating all the APIs that start with "/api/**"
I have a "login" and "sign-up" APIs that don't start with this prefix, so it should pass the security filters.
This is my configuration in "WebSecurityConfigurerAdapter":
And this is the filter I use for validating JWT:
I see that this filter is executed in "login" and "sign-up" even though they don't start with "/api/**" (it is executed twice by the way)
But still, I can log in and sign up successfully
Is this a valid behavior?
If not, what am I missing here?