stackoom
  简体   繁体   中英

Spring Boot REST API POST 401 Unauthorized

 原文  2020-12-31 09:35:17       java/ spring/ spring-boot/ spring-security/ http-post

Question

It is really strange and im sure im missing something. Here is my spring Security config class:

@Configuration
@EnableWebSecurity
public class AppSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private DataSource dataSource;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {

        auth.jdbcAuthentication().dataSource(dataSource).passwordEncoder(passwordEncoder())
                .usersByUsernameQuery(
                        "select username,password, enabled from user where username=?")
                .authoritiesByUsernameQuery(
                        "select username, authority from authorities where username=?");

    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http    .cors()
                .and()
                .authorizeRequests() // authorize
                .antMatchers("/task/*").permitAll()
                .antMatchers(HttpMethod.POST,"/task/*").permitAll()
                .anyRequest().authenticated() // all requests are authenticated
                .and()
                .httpBasic();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

}

So on Postman when i send a GET request i get 200 OK status code. But when i hit a POST request i get 401 Unauthorized

UPDATE I have made the exact same POST request and i got 403 Forbiden this time..... really strange

Also here is the Controller code:

@RestController
@RequestMapping("task")
@CrossOrigin("http://localhost:3000")
public class TaskController {

    @Autowired
    private TaskRepo taskRepo;
    //private TaskDAO taskDAO;

    @GetMapping("/list")
    public List<Task> getTasks(){
        return taskRepo.findAll();
    }

    @PostMapping("/create")
    public Task createTask(@RequestBody Task task) {
        Task savedTask = taskRepo.save(task);
        System.out.println("student id " + savedTask.getId());

        return savedTask;

    }

}

1 answers

solution1
 0  2021-02-03 23:57:06

CSRF protection is enabled by default in the Java Security configuration, so you cannot access with modifying HTTP methods (POST, PUT, ...) from an external domain (like a web app or Postman).GET method is allowed by default.

You can disable CSRF protection with code similar to this:

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
      .csrf().disable();
}

Thank you for Baeldung for teaching me that in this article .

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Android HttpURLConnection always unauthorized 401 response (Spring Boot REST API) 401- Unauthorized authentication using REST API Dynamics CRM with Azure AD from a Spring Boot app Spring Boot Microservices - Rest Template 401 Unauthorized error Spring Boot 401 Unauthorized Postman Spring Boot REST API 401 on public endpoint? 401 unauthorized spring boot test How to send a 401 as unauthorized user and a 404 if a database query returned a null object in a Spring boot webapp REST API controller? Error 401 Unauthorized in spring boot / spring security OAuth2 With Spring Boot Unauthorized (401) Response Spring Boot Security - Postman gives 401 Unauthorized
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM