Markus Oley

Reputation: 101

Accessing JHipster demo app with Postman

I have created the JHipster demo app and want to check my adapted REST API with a tool like Postman. I have tried Basic Auth with user and password both set to admin, user or system, but none of them gets access; I get a 401.

Would be nice if you could give me a hint what to do to access it.

Cheers Markus

Upvotes: 2

Views: 4304

Answers (5)

Pavan

Reputation: 61

If you are using OAuth2 with JHipster, you need to set up the OAuth2 token config in Postman and get a token before sending a request.

Once your request is successful you will get a JSESSIONID in the cookies; use the cookies next time and set the Auth to No Auth. Then the cookies will work for you.

Upvotes: 2

Jon Ruddell

Reputation: 6342

Because Postman is now a separate app (instead of an extension), it can't access your cookies directly. However, it's still possible to use Postman with a session-auth JHipster app.

  1. First, authenticate with the JHipster app
  2. In your browser's developer tools, inspect the response to /api/authentication for the Set-Cookie headers (JSESSIONID and X-XSRF-TOKEN). You can also find the cookies elsewhere in the browser's developer console; in Chrome they are under the Application tab.
  3. Edit the cookies in Postman to add the JSESSIONID and X-XSRF-TOKEN cookies. The "Cookies" tab for the request will look like the image below.
  4. Once the cookies are set, your requests will be authenticated as the same user you logged in with in step 1.

Sample screenshot showing where to edit cookies

For help with Postman and JWT auth, see this answer.

Upvotes: 5

mihaisimi

Reputation: 1999

My site allows unauthenticated users to access certain sections. Thus I find the 401 error annoying.

I made a pull request to fix it, see here: https://github.com/jhipster/generator-jhipster/pull/2623

It requires access to api/account but there are also some other changes to do to avoid an NPE.

Upvotes: 0

In file SecurityConfiguration.java changing from

.antMatchers("/api/**").authenticated()

to

.antMatchers("/api/**").permitAll()

lets you access the api without any authentication.

Note: This is insecure and makes your API public, but may be useful while testing via Postman.

Upvotes: 2

sdoxsee

Reputation: 4681

Just a guess, but the demo app uses cookies and therefore is using CSRF. So you'd need to send the proper CSRF token along with your requests. If you generate the app using a token approach (rather than cookies) you don't need CSRF.

See https://github.com/jhipster/generator-jhipster/issues/363 and search for postman on the page.

Upvotes: 0
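
The cookie steps in Jon Ruddell's answer and the CSRF point in sdoxsee's answer can be modelled offline. This is an added example, not code from the thread or from JHipster: it turns captured Set-Cookie lines into the headers a Postman request needs, and a simplified server-side check shows which status each combination produces. The cookie values and the session store are constructed, and the names XSRF-TOKEN (cookie) and X-XSRF-TOKEN (header) are assumed from Spring Security's cookie-based CSRF defaults; use whatever names your browser's developer tools show.

```python
from http.cookies import SimpleCookie
import hmac

# Constructed sample: Set-Cookie lines as copied from the login response.
SET_COOKIE = [
    "JSESSIONID=3F2A9C0E1B; Path=/; HttpOnly",
    "XSRF-TOKEN=7d1e5c42-aaaa-bbbb-cccc-0123456789ab; Path=/",
]
SESSIONS = {"3F2A9C0E1B": "admin"}  # hypothetical server-side session store


def build_headers(set_cookie_lines):
    """Client side: turn captured Set-Cookie lines into request headers."""
    jar = SimpleCookie()
    for line in set_cookie_lines:
        jar.load(line)
    headers = {"Cookie": "; ".join(f"{k}={m.value}" for k, m in jar.items())}
    if "XSRF-TOKEN" in jar:
        # Double submit: the cookie's token is echoed in a request header.
        headers["X-XSRF-TOKEN"] = jar["XSRF-TOKEN"].value
    return headers


def check(method, headers):
    """Server side (simplified model, an assumption): return HTTP status."""
    jar = SimpleCookie(headers.get("Cookie", ""))
    sid = jar["JSESSIONID"].value if "JSESSIONID" in jar else None
    if sid not in SESSIONS:
        return 401  # no valid session cookie; a Basic Auth header is not read
    if method not in ("GET", "HEAD", "OPTIONS", "TRACE"):
        cookie_tok = jar["XSRF-TOKEN"].value if "XSRF-TOKEN" in jar else ""
        header_tok = headers.get("X-XSRF-TOKEN", "")
        # Constant-time comparison of the cookie token and the header token.
        if not cookie_tok or not hmac.compare_digest(cookie_tok, header_tok):
            return 403
    return 200


if __name__ == "__main__":
    h = build_headers(SET_COOKIE)
    print(check("GET", {"Authorization": "Basic YWRtaW46YWRtaW4="}))
    print(check("POST", {"Cookie": h["Cookie"]}), check("POST", h))
```
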
