79575896

Date: 2025-04-15 19:29:22
Score: 11 🚩
Natty:
Report link

Can you share more info how you got this working?
I have an existing Spring Boot Rest Microservices.
I'm trying to add a new API that uses GraphQL.

The issue I'm having is allowing GraphiQL test site and IntrospectionQuery through.
But my new api uses the same path (like: books/api/graphQL).

Spring Boot SecurityFilterChain layer can allow some of this through, but how do I add one through and not the other one?

If I do leave it open, I add in the @PreAuthorize for my security, its not sending down the authorization token but some anonymous token or object. Then our security layer doesn't know what that is and crashes.

Have you found a way to allow the test graiphQL -- IntrospectionQuery path to work to get the schema, but still block or authenticate other paths.

Reasons:
  • Blacklisted phrase (1): how do I
  • RegEx Blacklisted phrase (2.5): Can you share
  • RegEx Blacklisted phrase (2.5): Have you found a way to allow the test graiphQL
  • RegEx Blacklisted phrase (2): working?
  • Long answer (-0.5):
  • No code block (0.5):
  • Contains question mark (0.5):
  • User mentioned (1): @PreAuthorize
  • Starts with a question (0.5): Can you share
  • Low reputation (1):
Posted by: Aron Christensen