Springboot couldn't authenticate the JWT passed in from my React.apps with MSAL

Question

I am very new to Springboot and currently in a learning stage. So springboot acts as a resource server to protects my API from unauthorized users. Meanwhile, I have my frontend passed in the access token (jwt) to my Springboot each time API is called. (Yes I've confirmed it).

Yet, my springboot apps receive the jwt and couldn't validate it and passed 401 error each time I call the API from frontend app after I logged in via MSAL and generated access token and passed in my Header.

This is my securityconfig for my SB:

@Bean
    public SecurityFilterChain apiFilterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
                .oauth2ResourceServer(OAuth -> OAuth.jwt(Customizer.withDefaults()));
        return http.build();
    }

application.properties

spring.security.oauth2.resourceserver.jwt.issuer-uri=https://login.microsoftonline.com/xxx/v2.0 

I think I got everything it needed to be a resource server. But i got a error 401 everytime I access the API.

I've been stopping here for weeks and without any more directions.

Answer 1

@Chin Chee Seng My apologies for the long delay on this thread. I did come across the following article on Medium: How to acquire and use an access token from Azure AD in a React & Spring app: a simple developer’s guide.If you've already resolved the issue, please consider sharing the details here so that others visiting this thread may benefit from your experience.

UPDATE:

Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer.
Issue:
Springboot couldn't authenticate the JWT passed in from my ReactJS app with MSAL returning 401 error.
Solution:
It was the CORS; the issue was solved when the CORS was disabled in SecurityChain.