CODEWITHSUNDEEP
javaspringspring-bootspring-security
Eray Tuncer
Eray Tuncer

Reputation: 725

Spring Boot HttpSecurity always 403 forbidden

I always get http status 403. I have this security configuration:

@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity
        .cors().and().csrf().disable()
        .authorizeRequests()
        .antMatchers("/api/users/login/").permitAll()
        .anyRequest().authenticated();
}


@Bean
CorsConfigurationSource corsConfigurationSource() {
    CorsConfiguration configuration = new CorsConfiguration();
    configuration.setAllowedOrigins(Arrays.asList("*"));
    configuration.setAllowedMethods(Arrays.asList("*"));
    configuration.setAllowedHeaders(Arrays.asList("*"));
    configuration.setAllowCredentials(true);
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/**", configuration);
    return source;
}

I cannot post to /api/users/login

2019-10-15 12:25:49.567[0;39m [32mDEBUG[0;39m [35m7423[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.web.servlet.DispatcherServlet [0;39m [2m:[0;39m "ERROR" dispatch for POST "/error", parameters={} [2m2019-10-15 12:25:49.576[0;39m [32mDEBUG[0;39m [35m7423[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36ms.w.s.m.m.a.RequestMappingHandlerMapping[0;39m [2m:[0;39m Mapped to public org.springframework.http.ResponseEntity> org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController.error(javax.servlet.http.HttpServletRequest) [2m2019-10-15 12:25:49.605[0;39m [32mDEBUG[0;39m [35m7423[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.w.s.m.m.a.HttpEntityMethodProcessor [0;39m [2m:[0;39m Using 'application/json', given [/] and supported [application/json, application/+json, application/json, application/+json] [2m2019-10-15 12:25:49.608[0;39m [32mDEBUG[0;39m [35m7423[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.w.s.m.m.a.HttpEntityMethodProcessor [0;39m [2m:[0;39m Writing [{timestamp=Tue Oct 15 12:25:49 CEST 2019, status=403, error=Forbidden, message=Access Denied, path=/ (truncated)...] [2m2019-10-15 12:25:49.661[0;39m [32mDEBUG[0;39m [35m7423[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.web.servlet.DispatcherServlet [0;39m [2m:[0;39m Exiting from "ERROR" dispatch, status 403

Upvotes: 1

Views: 2926

Answers (1)

Romil Patel
Romil Patel

Reputation: 13787

Try .antMatchers(HttpMethod.POST,"/api/users/login").permitAll(), also note that you have .antMatchers("/api/users/login/") and you are makin an request to /api/users/login note extra / in your antMatchers.

You can also use configure(WebSecurity web) which will bypass the Spring Security filter chain as described here

Upvotes: 1

Related Questions