java spring openApi : swagger request returns status code 403
I've a springboot/openapi application. No dependency on spring security. When launching a POST request via swagger, the returned status is 403. The request doesn't arrive in the controller class. A Get request however does work and returns a status 200.
The following is configured:
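    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.web.filter.ForwardedHeaderFilter;

    @Configuration
    public class Config {
        // Registers the filter that applies Forwarded / X-Forwarded-* headers to the request
        @Bean
        ForwardedHeaderFilter forwardedHeaderFilter() {
            return new ForwardedHeaderFilter();
        }
    }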
application.yaml

    server:
      port: 50086
      forward-headers-strategy: framework
      use-forward-headers: true
What could be the cause of the status 403?
Controller
    import io.swagger.v3.oas.annotations.Operation;
    import org.springframework.http.ResponseEntity;
    import org.springframework.web.bind.annotation.*;

    @CrossOrigin
    @RestController
    @RequestMapping("/ta")
    public class TaController {
        @Operation(summary = "Calculate")
        @RequestMapping(value = "/calculateWithPrices", method = RequestMethod.POST)
        public ResponseEntity<CaculationResponseDto> calculateWithPrices(@RequestBody CaculationWithPricesRequestDto caculationWithPricesRequestDto) {
            // code ...
        }
    }
Try to add a SecurityConfig which inherits from WebSecurityConfigurerAdapter. Example is here.
With the method configure you can set the access to specific url-endpoints and allow the call on them.
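    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.config.http.SessionCreationPolicy;

    @Configuration
    public class SecurityConfig extends WebSecurityConfigurerAdapter {
        @Autowired
        private CustomAuthenticationProvider authProvider;

        @Autowired
        public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
            auth.authenticationProvider(authProvider).eraseCredentials(false);
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // HTTP Basic on the matched endpoint, CSRF protection and frame options disabled, no HTTP session
            http.httpBasic().and().authorizeRequests().antMatchers("**apiEndpoint**").authenticated()
                    .and().csrf().disable().headers().frameOptions().disable().and().sessionManagement()
                    .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
            // Deactivate authorization for whole application
            // http.authorizeHttpRequests().antMatchers("/**").permitAll().and().csrf().disable();
        }
    }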
Class CustomAuthenticationProvider:
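    import java.util.Collection;
    import java.util.Collections;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.security.authentication.AuthenticationProvider;
    import org.springframework.security.authentication.BadCredentialsException;
    import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.AuthenticationException;
    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.core.authority.SimpleGrantedAuthority;
    import org.springframework.stereotype.Component;

    @Component
    public class CustomAuthenticationProvider implements AuthenticationProvider {
        @Autowired
        private ICustomerRepository customerRepository;

        @Override
        public Authentication authenticate(Authentication authentication) throws AuthenticationException {
            String id = authentication.getName().toString();
            String pin = authentication.getCredentials().toString();
            try {
                // Check if the customer passed in Username exists
                // Note: only the existence of the id is checked; the pin is not compared with a stored value
                CustomerDTO customer = customerRepository.findById(Long.parseLong(id)).orElseThrow();
            } catch (Exception e) {
                // TODO Auto-generated catch block
                throw new BadCredentialsException(id);
            }
            Collection<? extends GrantedAuthority> authorities = Collections
                    .singleton(new SimpleGrantedAuthority("ROLE_CUSTOMER"));
            return new UsernamePasswordAuthenticationToken(id, pin, authorities);
        }

        @Override
        public boolean supports(Class<?> authentication) {
            return authentication.equals(UsernamePasswordAuthenticationToken.class);
        }
    }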
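
An added example, not part of the original answer: the provider above accepts any pin once the customer id exists, so the variant below compares the submitted pin with a stored hash through Spring Security's PasswordEncoder before issuing the token. PinHashLookup, findPinHashById and PinCheckingAuthenticationProvider are hypothetical names; the lookup stands in for the answer's ICustomerRepository, whose fields are not shown on the page.

```java
import java.util.Collections;
import java.util.Optional;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.crypto.password.PasswordEncoder;

// Hypothetical lookup: returns the stored (encoded) pin for a customer id, if the customer exists.
interface PinHashLookup {
    Optional<String> findPinHashById(long customerId);
}

public class PinCheckingAuthenticationProvider implements AuthenticationProvider {
    private final PinHashLookup lookup;
    private final PasswordEncoder encoder;

    public PinCheckingAuthenticationProvider(PinHashLookup lookup, PasswordEncoder encoder) {
        this.lookup = lookup;
        this.encoder = encoder;
    }

    @Override
    public Authentication authenticate(Authentication authentication) {
        Object credentials = authentication.getCredentials();
        Optional<String> storedHash = Optional.empty();
        try {
            storedHash = lookup.findPinHashById(Long.parseLong(authentication.getName()));
        } catch (NumberFormatException e) {
            // A missing or non-numeric id is handled like an unknown customer.
        }
        // One generic error for unknown id, missing pin and wrong pin; the id is not echoed back.
        if (credentials == null || storedHash.isEmpty()
                || !encoder.matches(credentials.toString(), storedHash.get())) {
            throw new BadCredentialsException("Bad credentials");
        }
        // The returned token carries no credentials, so the raw pin is not kept in the security context.
        return new UsernamePasswordAuthenticationToken(authentication.getName(), null,
                Collections.singleton(new SimpleGrantedAuthority("ROLE_CUSTOMER")));
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
    }
}
```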