
Spring Boot HttpSecurity always 403 forbidden

I always get http status 403. I have this security configuration:

@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity
        .cors().and().csrf().disable()
        .authorizeRequests()
        .antMatchers("/api/users/login/").permitAll()
        .anyRequest().authenticated();
}


@Bean
CorsConfigurationSource corsConfigurationSource() {
    CorsConfiguration configuration = new CorsConfiguration();
    configuration.setAllowedOrigins(Arrays.asList("*"));
    configuration.setAllowedMethods(Arrays.asList("*"));
    configuration.setAllowedHeaders(Arrays.asList("*"));
    configuration.setAllowCredentials(true);
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/**", configuration);
    return source;
}

I cannot post to /api/users/login

2019-10-15 12:25:49.567 DEBUG 7423 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : "ERROR" dispatch for POST "/error", parameters={}
2019-10-15 12:25:49.576 DEBUG 7423 --- [nio-8080-exec-1] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to public org.springframework.http.ResponseEntity<java.util.Map<java.lang.String, java.lang.Object>> org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController.error(javax.servlet.http.HttpServletRequest)
2019-10-15 12:25:49.605 DEBUG 7423 --- [nio-8080-exec-1] o.s.w.s.m.m.a.HttpEntityMethodProcessor : Using 'application/json', given [*/*] and supported [application/json, application/*+json, application/json, application/*+json]
2019-10-15 12:25:49.608 DEBUG 7423 --- [nio-8080-exec-1] o.s.w.s.m.m.a.HttpEntityMethodProcessor : Writing [{timestamp=Tue Oct 15 12:25:49 CEST 2019, status=403, error=Forbidden, message=Access Denied, path=/ (truncated)...]
2019-10-15 12:25:49.661 DEBUG 7423 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Exiting from "ERROR" dispatch, status 403

Try .antMatchers(HttpMethod.POST,"/api/users/login").permitAll(). Also note that you have .antMatchers("/api/users/login/") and you are making a request to /api/users/login; note the extra / in your antMatchers.

You can also use configure(WebSecurity web) which will bypass the Spring Security filter chain as described here
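A regression test for the matcher change suggested above, added here as an example and not taken from the original posts. It assumes the rule is now .antMatchers(HttpMethod.POST, "/api/users/login").permitAll() with the rest of the configuration unchanged, and that spring-boot-starter-test with JUnit 5 is on the classpath; the request body and the /api/users/me path are made-up placeholders.

```java
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.http.MediaType;
import org.springframework.test.web.servlet.MockMvc;

import static org.junit.jupiter.api.Assertions.assertNotEquals;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

@SpringBootTest
@AutoConfigureMockMvc // MockMvc runs requests through the application's security filter chain
class LoginAccessRulesTest {

    @Autowired
    private MockMvc mvc;

    // The path the client really calls (no trailing slash) must get past the
    // security filters without authentication. The controller may answer 200,
    // 400 or 401 depending on the body, so only "not 403" is asserted.
    @Test
    void loginPostIsNotBlocked() throws Exception {
        mvc.perform(post("/api/users/login")
                .contentType(MediaType.APPLICATION_JSON)
                .content("{\"username\":\"test\",\"password\":\"test\"}")) // constructed body
           .andExpect(result -> assertNotEquals(403, result.getResponse().getStatus()));
    }

    // Ant patterns treat the trailing slash literally, in both directions:
    // the rule for /api/users/login does not open /api/users/login/.
    @Test
    void trailingSlashVariantIsStillProtected() throws Exception {
        mvc.perform(post("/api/users/login/")).andExpect(status().isForbidden());
    }

    // permitAll() is scoped to POST, so other methods on the same path stay closed.
    @Test
    void otherMethodsOnLoginStayProtected() throws Exception {
        mvc.perform(get("/api/users/login")).andExpect(status().isForbidden());
    }

    // Anonymous requests elsewhere are denied with 403, as in the log above.
    @Test
    void everythingElseStillRequiresAuthentication() throws Exception {
        mvc.perform(get("/api/users/me")).andExpect(status().isForbidden()); // hypothetical path
    }
}
```

The last three tests confirm that opening the login endpoint did not widen access to anything else, which a rule placed in configure(WebSecurity web) would not be able to show because those requests skip the filter chain entirely.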
