Project Troubleshooting: a human error in allowing specific URLs in Spring Security. Very simple, but easy to miss.

Byung Joo Jeong
3 min read

#Foreword

Sometimes a human error happens that feels absurd in hindsight, but it can cost a lot of time if you don't notice it quickly.

This one is related to the Spring Security configuration. Some people recommend running with "no security during Spring project development", because there are many things to take care of in a Spring Security set-up.

When the Email APIs were developed, everything worked. After merging them into the remote repository, the test results were not what I expected when calling the APIs.

When the error occurred, I decided to leave a trace of it here. Although it turned out to be my own human error, this kind of thing can become a challenging task if I overlook the details.

#Email Controller has 3 APIs

POST (/email/send/code) : Send Verification Code API

GET (/email/verify/{code}) : Verify Email API

GET (/email/search) : Search Email API

#Test Result : Email APIs Without Login

As I said, everything was fine when the APIs were developed; the problem appeared after pulling the up-to-date version (I had merged them into the remote develop branch).

When clients use the Email APIs, they must be able to call them without a login process. In other words, Spring Security must allow these URLs without authentication.

So, during development, we should have considered the Spring Security mechanism together with the API design: which endpoints need authentication and which do not.

POST (/email/send/code) without login -> OK

GET (/email/verify/{code}) without login -> Unauthorized (the errorMessage in the response says "Unauthorized")

GET (/email/search) without login -> Unauthorized (the errorMessage in the response says "Unauthorized")

After pulling the up-to-date version from the remote repository, I hit these errors and panicked for a moment: what is the problem? Is it the API itself?

After looking at my code, I did not think the code was the problem, and something came to mind: maybe it is the security configuration?

Security URL config (in some cases I tried both variants)

POST (/email/send/code) without login -> Success again

GET (/email/verify/{code}) without login : verifyEmail API -> Fail again (the errorMessage says it is not authorized)

GET (/email/search) without login : searchEmail API -> Fail again (the errorMessage says it is not authorized)

=> Failed again.

Frankly speaking, I was confused. Why?

I tried both variants, and I thought I had allowed all the Email URL paths, but it turned out to be my own human error!

#Solution : Inspect the HttpMethod

Admittedly, I could not think of this simple cause at first. After inspecting the configuration, I eventually found it, as shown below.

The problem was that I had only allowed HttpMethod.POST and had not allowed HttpMethod.GET. A permitAll rule restricted to POST does not match GET requests at all, so the two GET endpoints fell through to the catch-all rule that requires authentication.
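The configuration below is an added example, not the post's own code: a Spring Security 6 style filter chain with the mistake the post describes reconstructed as a commented-out line next to the corrected rules. The class name, the CSRF handling and the catch-all rule are assumptions; the three paths and methods are the ones listed in the post. (On Spring Security 5.x the equivalent calls are authorizeRequests() and antMatchers(HttpMethod, String...).)

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

// Added example (not the post's own configuration). Assumptions: Spring Security 6,
// the email endpoints are called by clients that have no session yet, and every
// other endpoint in the application requires an authenticated user.
@Configuration
@EnableWebSecurity
public class EmailSecurityConfig {

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // Assumption: the email endpoints are session-less, so CSRF checks are
            // skipped only for them rather than disabled globally.
            .csrf(csrf -> csrf.ignoringRequestMatchers("/email/**"))
            .authorizeHttpRequests(auth -> auth
                // BROKEN (reconstruction of the mistake in the post): the rule is
                // restricted to POST, so GET /email/verify/{code} and GET /email/search
                // never match it and fall through to anyRequest().authenticated(),
                // which is why they answered "Unauthorized".
                // .requestMatchers(HttpMethod.POST, "/email/**").permitAll()

                // FIXED: one rule per endpoint, each with the HTTP method the controller
                // actually maps. Nothing else under /email is opened up.
                .requestMatchers(HttpMethod.POST, "/email/send/code").permitAll()
                .requestMatchers(HttpMethod.GET, "/email/verify/*").permitAll()
                .requestMatchers(HttpMethod.GET, "/email/search").permitAll()
                // Rules are evaluated in declaration order, so the catch-all goes last.
                .anyRequest().authenticated()
            );
        return http.build();
    }
}
```

To check the fix, call the three endpoints without a session and confirm that both GET requests now return a success status instead of 401/403, and that an unrelated endpoint still answers 401/403. Because the verify and search endpoints are now reachable without authentication, they are also freely probeable, so rate limiting and responses that do not reveal more than necessary are worth considering as a follow-up.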


It works well now! It is absurd, but on the other hand this can happen at any time.

POST (/email/send/code) without login -> Success!

GET (/email/verify/{code}) without login -> Success!

GET (/email/search) without login : searchEmail API -> Success!

"Authorization denied" was resolved with this simple fix.
