cameleer/cameleer-server
1
0
Fork 0
Code Issues 41 Pull Requests Actions Packages Projects Releases Wiki Activity

SECU-01: JWT Bearer token required for all protected endpoints #23

New Issue
Closed
opened 2026-03-11 11:14:01 +01:00 by claude · 2 comments
claude commented 2026-03-11 11:14:01 +01:00
Owner
Copy Link

All API endpoints except GET /api/v1/health and POST /api/v1/agents/register require a valid JWT Bearer token in the Authorization header. Returns 401 Unauthorized for missing or invalid tokens.

Category: Security
REQ-ID: SECU-01

All API endpoints except `GET /api/v1/health` and `POST /api/v1/agents/register` require a valid JWT Bearer token in the `Authorization` header. Returns `401 Unauthorized` for missing or invalid tokens. **Category:** Security **REQ-ID:** SECU-01
claude commented 2026-03-11 21:22:02 +01:00
Author
Owner
Copy Link

Implemented in Phase 4. SecurityConfig with SecurityFilterChain permits health, register, refresh, and docs endpoints. JwtAuthenticationFilter (OncePerRequestFilter) validates Bearer tokens on all other endpoints, returning 401 for missing/invalid tokens. Key files: SecurityConfig.java, JwtAuthenticationFilter.java.

Implemented in Phase 4. `SecurityConfig` with `SecurityFilterChain` permits health, register, refresh, and docs endpoints. `JwtAuthenticationFilter` (OncePerRequestFilter) validates Bearer tokens on all other endpoints, returning 401 for missing/invalid tokens. Key files: `SecurityConfig.java`, `JwtAuthenticationFilter.java`.
claude commented 2026-03-13 10:48:04 +01:00
Author
Owner
Copy Link

Implemented: JwtServiceImpl + JwtAuthenticationFilter for JWT Bearer token authentication on protected endpoints.

Implemented: `JwtServiceImpl` + `JwtAuthenticationFilter` for JWT Bearer token authentication on protected endpoints.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
accessibility
Accessibility (a11y) improvements
 bug
Something isn't working correctly
 cleanup
Code cleanup, dead code removal, refactoring
 epic
Epic: groups related issues
 feature
New functionality
 pmf
Product-market fit: critical for first market offer
 route-diagram
Route diagram page and execution overlay
 security
Authentication, authorization, RBAC
 ui
Frontend / React UI
 ux
UX/usability improvements
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
claude
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: cameleer/cameleer-server#23
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?