Reputation: 397
So I have a backend in Java and a frontend in Angular. While I'm sending a DELETE request to my Spring Boot REST endpoint, I'm getting a 403 code. Angular first sends an OPTIONS request and it returns this 403, so the DELETE request does not happen. Additionally, GET and POST work fine.
I have tried disabling CSRF but it didn't work. Also, I'm using it in my browser, so I shouldn't be disabling this. In SoapUI, DELETE works fine.
This is my security config class:
    @Configuration
    @EnableWebSecurity
    public class AuthConfig extends WebSecurityConfigurerAdapter {

        @Value(value = "${auth0.apiAudience}")
        private String audience;

        @Value(value = "${auth0.issuer}")
        private String issuer;

        @Bean
        CorsConfigurationSource corsConfigurationSource() {
            UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
            source.registerCorsConfiguration("/**", new CorsConfiguration().applyPermitDefaultValues());
            return source;
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            JwtWebSecurityConfigurer
                    .forRS256(audience, issuer)
                    .configure(http)
                    .cors()
                    .and()
                    .authorizeRequests()
                    .antMatchers(HttpMethod.GET, "/public").permitAll()
                    .antMatchers(HttpMethod.GET, "/private/**").authenticated()
                    .antMatchers(HttpMethod.GET, "/private-scoped").hasAuthority("read:posts");
        }
    }
I want to do these delete requests:
    @PostMapping("/private/post/{id}/like")
    public void likePostById(@PathVariable Long id) {
        postService.likePostById(id);
    }

    @DeleteMapping("/private/post/{id}/like")
    public void unlikePostById(@PathVariable Long id) {
        postService.unlikePostById(id);
    }
Upvotes: 3
Views: 5376
Reputation: 21
In case you are on Spring Boot, you can do this, too:
    @Bean
    public WebMvcConfigurer corsConfigurer() {
        return new WebMvcConfigurer() {
            @Override
            public void addCorsMappings(CorsRegistry registry) {
                registry.addMapping("/**").allowedMethods("GET", "PUT", "POST", "DELETE",
                        "PATCH", "OPTIONS", "HEAD");
            }
        };
    }
You can add your mappings to a particular url as well.
Upvotes: 1
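An added example, not part of either answer or of the asker's project: CorsConfiguration.applyPermitDefaultValues() permits only GET, HEAD and POST, so the OPTIONS preflight for a DELETE is rejected. The sketch below would replace the corsConfigurationSource bean from the question with an explicit policy and compares both policies in main(). The class name CorsPolicyConfig, the origin http://localhost:4200 and the header list are assumptions.

```java
import java.util.Arrays;
import java.util.Collections;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

@Configuration
public class CorsPolicyConfig { // hypothetical class name

    // Assumption: Angular dev server origin; replace with the real frontend origin.
    private static final String FRONTEND_ORIGIN = "http://localhost:4200";

    // Spring Security's .cors() picks up a bean with exactly this name,
    // so this replaces the bean defined in the question's AuthConfig.
    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", explicitPolicy());
        return source;
    }

    // Only the origin, methods and headers the frontend actually needs.
    static CorsConfiguration explicitPolicy() {
        CorsConfiguration cors = new CorsConfiguration();
        cors.setAllowedOrigins(Collections.singletonList(FRONTEND_ORIGIN));
        cors.setAllowedMethods(Arrays.asList("GET", "POST", "DELETE"));
        // Assumption: the client sends a bearer token and JSON bodies.
        cors.setAllowedHeaders(Arrays.asList("Authorization", "Content-Type"));
        cors.setMaxAge(1800L); // seconds the browser may cache the preflight result
        return cors;
    }

    // checkHttpMethod/checkOrigin return null when the preflight would be rejected.
    public static void main(String[] args) {
        CorsConfiguration defaults = new CorsConfiguration().applyPermitDefaultValues();
        CorsConfiguration explicit = explicitPolicy();
        System.out.println("defaults, DELETE: " + defaults.checkHttpMethod(HttpMethod.DELETE));
        System.out.println("explicit, DELETE: " + explicit.checkHttpMethod(HttpMethod.DELETE));
        System.out.println("explicit, known origin: " + explicit.checkOrigin(FRONTEND_ORIGIN));
        System.out.println("explicit, other origin: " + explicit.checkOrigin("http://other.example"));
    }
}
```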
Reputation: 326
I think you limit your request type by
HttpMethod.GET
in your antMatchers.
Remove this parameter or add one more antMatcher like:
.antMatchers(HttpMethod.DELETE,"your delete url").permitAll()
Upvotes: 0