
Why does permitAll() return 403 in Spring Security?

I have created a method for persisting user details in the database and I also have a controller which is exposed at the endpoint /register. I wanted to make the /register endpoint available to all. I have used Spring Security and gave permit all for the /register endpoint.


@Configuration
@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    private final UserDetailsServiceImpl userDetailsService;

    @Autowired
    public WebSecurityConfiguration(UserDetailsServiceImpl userDetailsService) {
        this.userDetailsService = userDetailsService;
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests(
                request -> request.antMatchers(HttpMethod.POST,"/register").permitAll()
                .anyRequest().authenticated()
            );
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
       return new BCryptPasswordEncoder();
    }
}

Can someone please explain or help me out why permitAll is not working in my case? As per the code I have written, the /register endpoint should return the user details but it returns 403. The /register endpoint is a REST endpoint which takes the user details as input and returns the user details as output once the details are persisted to the database.

@Slf4j
@RestController
public class RegistrationController {

    private final UserDetailsServiceImpl userDetailsService;

    @Autowired
    public RegistrationController(UserDetailsServiceImpl userDetailsService) {
        this.userDetailsService = userDetailsService;
    }

    @PostMapping(value = "/register")
    public ResponseEntity<Users> registerNewUser(@Valid @RequestBody Users users) throws EmailAlreadyExistsException {
        Users usersDetails = userDetailsService.processRegistration(users);
        log.info("{}, Information: Successfully persisted new user",this.getClass().getSimpleName());
        return new ResponseEntity<>(usersDetails,HttpStatus.OK);
    }
}

I guess you are calling the URL via curl or Postman. You must then disable CSRF or use a GET mapping instead.

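@Override
protected void configure(HttpSecurity http) throws Exception {
    // Disable CSRF protection so that a POST without a CSRF token is not rejected with 403
    http.csrf().disable()
        .authorizeRequests(
            request -> request.antMatchers(HttpMethod.POST,"/register").permitAll()
            .anyRequest().authenticated()
        );
}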
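
A narrower variant of the configuration discussed above, as an added example that is not part of the original question or answer: it exempts only /register from CSRF checks and leaves the protection on for every other endpoint. It assumes Spring Security 5.2 to 5.x (where WebSecurityConfigurerAdapter and ignoringAntMatchers are available); the class name is hypothetical and the asker's UserDetailsService and PasswordEncoder wiring is omitted.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Hypothetical class name; stands in for the WebSecurityConfiguration from the question.
@Configuration
@EnableWebSecurity
public class ScopedCsrfSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // The CSRF filter runs before the authorization rules are evaluated,
            // so permitAll() on its own cannot let a token-less POST through.
            // Exempt only the registration endpoint; all other state-changing
            // requests (POST, PUT, PATCH, DELETE) still need a valid CSRF token.
            .csrf(csrf -> csrf.ignoringAntMatchers("/register"))
            .authorizeRequests(request -> request
                // Anonymous clients may POST to /register ...
                .antMatchers(HttpMethod.POST, "/register").permitAll()
                // ... everything else requires an authenticated user.
                .anyRequest().authenticated());
    }
}
```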
