I always get http status 403. I have this security configuration:
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
.cors().and().csrf().disable()
.authorizeRequests()
.antMatchers("/api/users/login/").permitAll()
.anyRequest().authenticated();
}
@Bean
CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Arrays.asList("*"));
configuration.setAllowedMethods(Arrays.asList("*"));
configuration.setAllowedHeaders(Arrays.asList("*"));
configuration.setAllowCredentials(true);
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
I cannot post to /api/users/login
2019-10-15 12:25:49.567[0;39m [32mDEBUG[0;39m [35m7423[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.web.servlet.DispatcherServlet [0;39m [2m:[0;39m "ERROR" dispatch for POST "/error", parameters={} [2m2019-10-15 12:25:49.576[0;39m [32mDEBUG[0;39m [35m7423[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36ms.w.s.m.m.a.RequestMappingHandlerMapping[0;39m [2m:[0;39m Mapped to public org.springframework.http.ResponseEntity> org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController.error(javax.servlet.http.HttpServletRequest) [2m2019-10-15 12:25:49.605[0;39m [32mDEBUG[0;39m [35m7423[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.w.s.m.m.a.HttpEntityMethodProcessor [0;39m [2m:[0;39m Using 'application/json', given [/] and supported [application/json, application/+json, application/json, application/+json] [2m2019-10-15 12:25:49.608[0;39m [32mDEBUG[0;39m [35m7423[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.w.s.m.m.a.HttpEntityMethodProcessor [0;39m [2m:[0;39m Writing [{timestamp=Tue Oct 15 12:25:49 CEST 2019, status=403, error=Forbidden, message=Access Denied, path=/ (truncated)...] [2m2019-10-15 12:25:49.661[0;39m [32mDEBUG[0;39m [35m7423[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.web.servlet.DispatcherServlet [0;39m [2m:[0;39m Exiting from "ERROR" dispatch, status 403
Try .antMatchers(HttpMethod.POST,"/api/users/login").permitAll(), also note that you have .antMatchers("/api/users/login/") and you are makin an request to /api/users/login note extra / in your antMatchers.
You can also use configure(WebSecurity web) which will bypass the Spring Security filter chain as described here
Collected from the Internet
Please contact [email protected] to delete if infringement.
Comments