obolen_an

Reputation: 61

Basic auth returns 403 in postman but works fine in browser

I've defined securityConfig as follows:

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication()
                .dataSource(dataSource)
                .passwordEncoder(passwordEncoder())
                .usersByUsernameQuery(\\some code\\)
                .authoritiesByUsernameQuery(\\some code\\)
                .getUserDetailsService();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .anyRequest().authenticated()
                .and()
                .httpBasic().authenticationEntryPoint(entryPoint);
    }

When I am entering the credentials in the form in my browser it works fine, but when I try to send the request in Postman using the basic auth form I get a 403 error. What am I doing wrong?

Upvotes: 0

Views: 1660

Answers (1)

Ervin Szilagyi

Reputation: 16775

This is most likely caused by CSRF protection.

From the docs:

Our recommendation is to use CSRF protection for any request that could be processed by a browser by normal users. If you are only creating a service that is used by non-browser clients, you will likely want to disable CSRF protection.

CSRF protection can be disabled as follows:

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .anyRequest().authenticated()
                .and()
                .httpBasic().authenticationEntryPoint(entryPoint)
                .and()
                // Turn off CSRF token checks for this filter chain
                .csrf().disable();
    }

Upvotes: 1
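
An added example, not part of the original answer or the poster's project: instead of disabling CSRF for the whole application, the check can be dropped only for the paths that non-browser clients call, following the recommendation quoted from the docs. Spring Security's default CSRF check skips GET, HEAD, TRACE and OPTIONS and rejects other methods that carry no token. The `/api/**` prefix, the class names and the use of the default Basic entry point are assumptions for illustration.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

@EnableWebSecurity
public class SecurityConfig {

    // Chain 1 (assumption): /api/** is called only by non-browser clients
    // such as Postman or other services, so CSRF tokens are not required.
    @Configuration
    @Order(1)
    public static class ApiSecurity extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.antMatcher("/api/**")
                .authorizeRequests().anyRequest().authenticated()
                    .and()
                .httpBasic()
                    .and()
                // No server-side session: each request must carry its own Authorization header.
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                    .and()
                .csrf().disable();
        }
    }

    // Chain 2: every other path is assumed to be reached from a browser
    // and keeps CSRF protection enabled.
    @Configuration
    public static class BrowserSecurity extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests().anyRequest().authenticated()
                    .and()
                .httpBasic()
                    .and()
                // Token is issued in the XSRF-TOKEN cookie; state-changing requests
                // must echo it back in the X-XSRF-TOKEN header.
                .csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
        }
    }
}
```

Disabling CSRF on `/api/**` is only appropriate while browsers never authenticate to those paths: a browser that has cached Basic credentials for the origin attaches them to cross-site requests as well.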
