Jeff Cook

Reputation: 8784

Unable to call the /encrypt endpoint with Spring Cloud + boot in v2.0.X

I was using the Spring Cloud and Security example. In this example, I was using Spring Boot version 1.4.1.RELEASE. I updated the Spring Boot parent version to 2.0.4.RELEASE. The moment I updated the dependency, the following endpoint started breaking.

I already went through Spring Cloud Config - Encrypt Password and the documentation at http://cloud.spring.io/spring-cloud-static/Finchley.RELEASE/single/spring-cloud.html, but I am not sure why I am getting the forbidden error.

I tried using curl and Postman, and I get the forbidden error.

C:\Users\pc>curl localhost:8888/encrypt -d connectionstring=server123;user=root;password@word1
{"timestamp":"2018-09-01T12:53:17.382+0000","status":403,"error":"Forbidden","message":"Forbidden","path":"/encrypt"}

C:\Users\pc>

NOTE: My server is running fine on port 8888 and the JCE files are already added.

POST : http://localhost:8888/encrypt


The code I used is below.

pom.xml

<parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.0.4.RELEASE</version>
        <relativePath /> <!-- lookup parent from repository -->
    </parent>

    <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
        <java.version>1.8</java.version>
        <spring-cloud.version>Finchley.SR1</spring-cloud.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-actuator</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-config-server</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>

    </dependencies>

    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>org.springframework.cloud</groupId>
                <artifactId>spring-cloud-dependencies</artifactId>
                <version>${spring-cloud.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>

application.yml

---

server:
  port: 8888


spring:
  cloud:
    config:
      server:
        git:
          uri: https://github.com/rseroter/pluralsight-spring-cloudconfig-wa-tolls

          search-paths:
          - 'station*'
          repos:
            perf: 
              pattern:
              - "*/perf"
              uri : https://github.com/rseroter/pluralsight-spring-cloudconfig-wa-tolls-perf
              search-paths :
              - 'station*'

# Enable security for Basic Auth
  security:
    user:
      name: ABC_123
      password: ABC##123

bootstrap.properties

encrypt.key=ABCDEFGHIJKLMNOPQRSTUVWXYZ

WebSecurityConfig.java

@EnableWebSecurity
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter{
    @Override
    protected void configure(HttpSecurity http) throws Exception{
        http.authorizeRequests().antMatchers("/").permitAll();
    }
}

Project structure: [image]

Upvotes: 1

Views: 2694

Answers (2)

veritas

Reputation: 432

thanh ngo's answer worked for me with some modifications.

First, if you're trying this on Spring Boot, mvcMatcher may not work. If you're just practicing you could simply use

http.authorizeRequests().anyRequest().permitAll().and().csrf().disable();

The entire class would look something like

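import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Permits every request without authentication and turns CSRF protection off
        http.authorizeRequests().anyRequest().permitAll().and().csrf().disable();
    }
}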

Upvotes: 0

thanh ngo

Reputation: 844

The problem is that Spring Security enables csrf protection by default. You can read here for more information.

Simply disabling CSRF protection will make /encrypt accessible again.

http.csrf().disable()
            .authorizeRequests().mvcMatchers(HttpMethod.POST, "/encrypt/**")
            .permitAll();

Upvotes: 6
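
A narrower variant of the fix in the answers above, as an added example that is not code from either answer or from the Spring project: it skips the CSRF token check only for the config server's crypto endpoints and keeps HTTP Basic authentication on every request. It assumes the `spring.security.user` credentials from the question's application.yml are the ones in use; including `/decrypt` alongside `/encrypt` is also an assumption.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    // Crypto endpoints called by non-browser clients (curl, Postman).
    // Assumption: /decrypt should get the same treatment as /encrypt.
    private static final String[] CRYPTO_ENDPOINTS = {"/encrypt/**", "/decrypt/**"};

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // CSRF stays enabled everywhere except the crypto endpoints,
            // so a POST without a CSRF token is no longer rejected with 403 there.
            .csrf()
                .ignoringAntMatchers(CRYPTO_ENDPOINTS)
            .and()
            // Every request, including /encrypt, must carry valid credentials.
            .authorizeRequests()
                .anyRequest().authenticated()
            .and()
            // Credentials come from spring.security.user.* via Boot's
            // auto-configured in-memory user.
            .httpBasic();
    }
}

// Client call with the question's configured user (quote the credentials
// so the shell does not interpret the '#' characters):
//   curl -u "ABC_123:ABC##123" localhost:8888/encrypt -d <value-to-encrypt>
```

With this configuration an unauthenticated POST to /encrypt returns 401 instead of 403, which distinguishes a missing credential from a CSRF rejection when troubleshooting.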
