Reputation: 135
Here is my code:
Controller:
    @PostMapping("/create")
    public ResponseEntity<?> createUser(@RequestBody UserExternalResource newUser) {
        try {
            LOGGER.info("Incoming request to create a user: {}", newUser);
            return userService.createUser(newUser);
        } catch (Exception e) {
            LOGGER.error("Error create user: " + newUser + ". Message: " + e.getMessage(), e);
            return new ResponseEntity<>(new ResponseResource("Error creating user!"), HttpStatus.INTERNAL_SERVER_ERROR);
        }
    }
Request body:
    {
        "user" : "John",
        "username" : "john1"
    }
When I try to send this request with Postman, I get a 403 Forbidden error.
Response from Postman console:
POST /e/api/user/create
Content-Type: text/plain
cache-control: no-cache
Postman-Token: b6590554-b54e-4935-b0c2-bc43857b3dc1
User-Agent: PostmanRuntime/7.6.0
Accept: */*
Host: localhost:8500
cookie: EXAMPLE SERVICE-SESSIONID=3TWT113hsJ0e1LVQEDlQqp69O6U8VZx-7sFSyH63
accept-encoding: gzip, deflate
content-length: 284
{
"user" : "John",
"username" : "john1"
}
HTTP/1.1 403
status: 403
Expires: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Date: Wed, 06 Feb 2019 15:11:55 GMT
Connection: keep-alive
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Content-Type: application/json;charset=UTF-8
{"timestamp":1549465915019,"status":403,"error":"Forbidden","message":"Access Denied","path":"/e/api/user/create"}
Does anyone know what could be the problem?
Upvotes: 0
Views: 11267
Reputation: 1
I got a 403 Forbidden error in Postman, so I changed the statement in the security configuration from
    http.authorizeRequests().antMatchers( "/employee*").hasRole("developer").anyRequest().permitAll();
to
    http.authorizeRequests().antMatchers("/*").permitAll().and().cors().and().csrf().disable();
I tried this. It's working now. Thank you.
Upvotes: 0
Reputation: 1170
If you are using Spring Security then try with the following security configuration.
    http.authorizeRequests().antMatchers("//e/api/**").permitAll().and().cors().and().csrf().disable();
Upvotes: 2
Reputation: 990
{"timestamp":1549465915019,"status":403,"error":"Forbidden","message":"Access Denied","path":"/e/api/user/create"}
You are getting the error 403. The true definition of 403 is the following:
The 403 Forbidden error is an HTTP status code which means that accessing the page or resource you were trying to reach is absolutely forbidden for some reason.
You might not have the permission to reach this method, hence the error.
If you are using Spring Security and GET works correctly, it might be because of CSRF, and you can disable it by doing the following in your configuration method.
    http.csrf().disable();
Upvotes: 2
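An added example, not code from any post in this thread: a configuration that keeps the CSRF filter and route authorization in place instead of disabling them, for an application that authenticates with a session cookie as the request in the question does. It assumes Spring Security 5.x (the `WebSecurityConfigurerAdapter` / `antMatchers` style used in the answers); the class name and the `/e/api/**` access rule are hypothetical.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

// Added example. Assumes Spring Security 5.x; ApiSecurityConfig is a hypothetical name.
@Configuration
@EnableWebSecurity
public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Weak form suggested in the thread: every matched route is public and
        // the CSRF filter is off, so a state-changing request is accepted on
        // the strength of the session cookie alone.
        //   http.authorizeRequests().antMatchers("/*").permitAll()
        //       .and().cors().and().csrf().disable();

        http
            // Keep CSRF checks. The token is issued in a cookie named
            // XSRF-TOKEN (readable by client script) and must be echoed in the
            // X-XSRF-TOKEN header on POST, PUT, PATCH and DELETE requests.
            // A request without it is rejected with 403.
            .csrf()
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
                .and()
            .authorizeRequests()
                // Assumption: "/e" is part of the mapped path and not the
                // servlet context path; if it is the context path, the
                // pattern to match is "/api/**".
                .antMatchers("/e/api/**").authenticated()
                // Everything else also requires a logged-in user rather than
                // falling through to permitAll().
                .anyRequest().authenticated();

        // The login mechanism (form login, HTTP Basic, ...) is not configured
        // here; add the one the application already uses to this chain.
    }
}
```

To exercise this from Postman, send a GET first so the server sets the `XSRF-TOKEN` cookie, then copy that cookie's value into an `X-XSRF-TOKEN` header on the POST.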