mateuszs
Reputation: 165
Issue with POST endpoint
I have created post endpoint with use of Spring Boot related to below code:
@PostMapping("/users/")
ResponseEntity<String> registerUser(@RequestBody JSONObject user) {
System.out.println("registerUser method triggered");
return userRegistrationResponseGenrator.generateResponse((userRegistrator.registerUser(user)));
}
When I however test the endpoint with code related to below
registrationPath = String.format("http://localhost:%s/users/", port);
@Test
public void registerUserTest() {
restTemplate.postForObject(registrationPath, validUserJSONObject, RequestEntity.class);
}
I face exception
org.springframework.web.client.HttpClientErrorException$Forbidden: 403 null
How can I resolve this issue?
Edit:
I have followed idea posted in one of comments and below are logs related to case
2018-11-26 19:43:35.110 INFO 5208 --- [o-auto-1-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring DispatcherServlet 'dispatcherServlet'
2018-11-26 19:43:35.110 INFO 5208 --- [o-auto-1-exec-1] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet'
2018-11-26 19:43:35.152 INFO 5208 --- [o-auto-1-exec-1] o.s.web.servlet.DispatcherServlet : Completed initialization in 42 ms
2018-11-26 19:43:35.171 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy : /users at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2018-11-26 19:43:35.173 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy : /users at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2018-11-26 19:43:35.174 DEBUG 5208 --- [o-auto-1-exec-1] w.c.HttpSessionSecurityContextRepository : No HttpSession currently exists
2018-11-26 19:43:35.174 DEBUG 5208 --- [o-auto-1-exec-1] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: null. A new one will be created.
2018-11-26 19:43:35.177 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy : /users at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2018-11-26 19:43:35.178 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy : /users at position 4 of 11 in additional filter chain; firing Filter: 'CsrfFilter'
2018-11-26 19:43:35.387 WARN 5208 --- [o-auto-1-exec-1] o.a.c.util.SessionIdGeneratorBase : Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [200] milliseconds.
2018-11-26 19:43:35.392 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.csrf.CsrfFilter : Invalid CSRF token found for http://localhost:25012/users
2018-11-26 19:43:35.392 DEBUG 5208 --- [o-auto-1-exec-1] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@377d8162
2018-11-26 19:43:35.393 DEBUG 5208 --- [o-auto-1-exec-1] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2018-11-26 19:43:35.395 DEBUG 5208 --- [o-auto-1-exec-1] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2018-11-26 19:43:35.401 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy : /error at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2018-11-26 19:43:35.401 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy : /error at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2018-11-26 19:43:35.402 DEBUG 5208 --- [o-auto-1-exec-1] w.c.HttpSessionSecurityContextRepository : HttpSession returned null object for SPRING_SECURITY_CONTEXT
2018-11-26 19:43:35.402 DEBUG 5208 --- [o-auto-1-exec-1] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@161e14b7. A new one will be created.
2018-11-26 19:43:35.402 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy : /error at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2018-11-26 19:43:35.402 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy : /error at position 4 of 11 in additional filter chain; firing Filter: 'CsrfFilter'
2018-11-26 19:43:35.402 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy : /error at position 5 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
2018-11-26 19:43:35.403 DEBUG 5208 --- [o-auto-1-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/logout'
2018-11-26 19:43:35.403 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy : /error at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2018-11-26 19:43:35.403 DEBUG 5208 --- [o-auto-1-exec-1] o.s.s.w.s.HttpSessionRequestCache : saved request doesn't match
2018-11-26 19:43:35.403 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy : /error at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2018-11-26 19:43:35.405 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy : /error at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2018-11-26 19:43:35.408 DEBUG 5208 --- [o-auto-1-exec-1] o.s.s.w.a.AnonymousAuthenticationFilter : Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9de06e39: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: CF6283DA974F144F52398E23C94462E1; Granted Authorities: ROLE_ANONYMOUS'
2018-11-26 19:43:35.408 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy : /error at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
2018-11-26 19:43:35.408 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy : /error at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2018-11-26 19:43:35.408 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy : /error at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2018-11-26 19:43:35.409 DEBUG 5208 --- [o-auto-1-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/'
2018-11-26 19:43:35.410 DEBUG 5208 --- [o-auto-1-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/users'
2018-11-26 19:43:35.410 DEBUG 5208 --- [o-auto-1-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor : Public object - authentication not attempted
2018-11-26 19:43:35.411 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy : /error reached end of additional filter chain; proceeding with original chain
2018-11-26 19:43:35.481 DEBUG 5208 --- [o-auto-1-exec-1] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2018-11-26 19:43:35.490 DEBUG 5208 --- [o-auto-1-exec-1] o.s.s.w.a.ExceptionTranslationFilter : Chain processed normally
2018-11-26 19:43:35.490 DEBUG 5208 --- [o-auto-1-exec-1] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2018-11-26 19:43:35.527 INFO 5208 --- [ Thread-2] o.s.s.concurrent.ThreadPoolTaskExecutor : Shutting down ExecutorService 'applicationTaskExecutor'
2018-11-26 19:43:35.541 INFO 5208 --- [ Thread-2] j.LocalContainerEntityManagerFactoryBean : Closing JPA EntityManagerFactory for persistence unit 'default'
2018-11-26 19:43:35.547 INFO 5208 --- [ Thread-2] com.zaxxer.hikari.HikariDataSource : HikariPool-1 - Shutdown initiated...
2018-11-26 19:43:35.583 INFO 5208 --- [ Thread-2] com.zaxxer.hikari.HikariDataSource : HikariPool-1 - Shutdown completed.
Upvotes: 1
Views: 1133
Answers (1)
improbable
Reputation: 2944
If you have Spring Security on your classpath, it shuts down all resources with default user by default. In order to access any resource no matter what HTTP verb you are using - you have to authenticate. The exception occurs because you are not providing the required credentials. You have several options for fixing this exception.
First and easiest, remove Spring Security from your project.
If you want to access your resources, while preserving the ability to secure certain resources, you need to omit default security established for these resources by creating a bean, which extends org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter. Then, override its protected void configure(HttpSecurity http) throws Exception method.
E.g.
http.authorizeRequests()
.antMatchers("/your_path_1/**").permitAll()
.antMatchers("/your_path_2/example").permitAll()
// Disallow everything else..
.anyRequest().authenticated();
If you don't want to do that - you can just use an auto-generated password for the user "user" in order to access secured endpoint for the lifetime of one session, then you have to re-login. It gets printed in the logs when you start up your application.
Note: For further reference, check out Spring Boot Security Reference.
Upvotes: 1
Related Questions
- Java springboot POST request giving 404
- POST request endpoint using Java/Spring-boot
- Spring Boot Post and Get Request not working
- Spring Boot POST request to endpoint returning Null values
- PostMapping Service Rest with Spring boot error Request method 'POST' not supported
- Spring boot post HTTP Request
- POST doesn't work Spring java
- Unable to send data to POST Service in Spring 4
- Simple Spring Boot POST Not Working
- Post in Spring Rest not working