[英]java spring openApi : swagger request returns status code 403
我有一個 springboot/openapi 應用程序。 不依賴彈簧安全性。 通過 swagger 發起 POST 請求時,返回狀態為 403。請求未到達控制器類。 但是,Get 請求確實有效並返回狀態 200。
以下是配置
@Configuration
public class Config {
@Bean
ForwardedHeaderFilter forwardedHeaderFilter() {
return new ForwardedHeaderFilter();
}
}
}
應用程序.yaml
server:
port: 50086
forward-headers-strategy: framework
use-forward-headers: true
狀態 403 的原因可能是什么?
控制器
@CrossOrigin
@RestController
@RequestMapping("/ta")
public class TaController {
@Operation(summary = "Calculate")
@RequestMapping(value = "/calculateWithPrices", method = RequestMethod.POST)
public ResponseEntity<CaculationResponseDto> calculateWithPrices(@RequestBody CaculationWithPricesRequestDto caculationWithPricesRequestDto) {
// code ...
}
嘗試添加一個繼承自 WebSecurityConfigurerAdapter 的 SecurityConfig。 例子在這里。
使用 configure 方法,您可以設置對特定 url-endpoints 的訪問並允許對其進行調用。
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private CustomAuthenticationProvider authProvider;
@Autowired
public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(authProvider).eraseCredentials(false);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.httpBasic().and().authorizeRequests().antMatchers("**apiEndpoint**").authenticated()
.and().csrf().disable().headers().frameOptions().disable().and().sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
// Deactivate authorization for whole application
// http.authorizeHttpRequests().antMatchers("/**").permitAll().and().csrf().disable();
}
}
類 CustomAuthenticationProvider:
@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {
@Autowired
private ICustomerRepository customerRepository;
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
String id = authentication.getName().toString();
String pin = authentication.getCredentials().toString();
try {
// Check if the customer passed in Username exists
CustomerDTO customer = customerRepository.findById(Long.parseLong(id)).orElseThrow();
} catch (Exception e) {
// TODO Auto-generated catch block
throw new BadCredentialsException(id);
}
Collection<? extends GrantedAuthority> authorities = Collections
.singleton(new SimpleGrantedAuthority("ROLE_CUSTOMER"));
return new UsernamePasswordAuthenticationToken(id, pin, authorities);
}
@Override
public boolean supports(Class<?> authentication) {
return authentication.equals(UsernamePasswordAuthenticationToken.class);
}
}
Swagger 3 / OpenApi 如何為同一個狀態碼添加兩個描述
[英]Swagger 3 / OpenApi How to add two descriptions to the same status code
Java HttpClient 請求返回 403 狀態,而 postman 返回預期響應
[英]Java HttpClient Request return 403 status while postman returns the intended response
Spring JWTAuthenticationFilter返回403,但仍然執行請求
[英]Spring JWTAuthenticationFilter returns a 403 but performs the request anyway
使用Java RestAssured創建POST請求,返回狀態碼422
[英]Create POST request, using Java RestAssured, returns status code 422
Spring springdoc-openapi:swagger-ui/index.html 找不到狀態=404
[英]Spring springdoc-openapi : swagger-ui/index.html cannot be found status=404
Spring security中的自定義formLogin()返回一個(type=Forbidden, status=403)
[英]Custom formLogin() in Spring security returns a (type=Forbidden, status=403)
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.