I have a newly created Spring Boot 3.0 application using Kotlin, which returns 401 on all HTTP calls.
MyApiApplication.kt
package com.my.app.api
import org.springframework.boot.autoconfigure.SpringBootApplication
import org.springframework.boot.runApplication
@SpringBootApplication()
class MyApiApplication
fun main(args: Array<String>) {
runApplication<MyApiApplication>(*args)
}
TestController.kt
package com.my.app.api
import org.springframework.web.bind.annotation.GetMapping
import org.springframework.web.bind.annotation.RequestMapping
import org.springframework.web.bind.annotation.RestController
import java.time.LocalDateTime
@RestController
@RequestMapping("/api/test")
class TestController {
@GetMapping("/")
fun test(): LocalDateTime {
return LocalDateTime.now()
}
}
application.properties
server.port=6020
spring.datasource.url=jdbc:postgresql://localhost:6010/mydb
spring.datasource.username=mydb
spring.datasource.password=mydbpass
pom.xml
4.0.0 org.springframework.boot spring-boot-starter-parent 3.0.0-SNAPSHOT
<groupId>com.datadriven.headless.api</groupId>
<artifactId>headless-api</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>headless-api</name>
<description>Demo project for Spring Boot</description>
<properties>
<java.version>17</java.version>
<kotlin.version>1.7.20</kotlin.version>
<testcontainers.version>1.17.4</testcontainers.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.module</groupId>
<artifactId>jackson-module-kotlin</artifactId>
</dependency>
<dependency>
<groupId>org.flywaydb</groupId>
<artifactId>flyway-core</artifactId>
</dependency>
<dependency>
<groupId>org.jetbrains.kotlin</groupId>
<artifactId>kotlin-reflect</artifactId>
</dependency>
<dependency>
<groupId>org.jetbrains.kotlin</groupId>
<artifactId>kotlin-stdlib-jdk8</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session-core</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<scope>runtime</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.testcontainers</groupId>
<artifactId>junit-jupiter</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.testcontainers</groupId>
<artifactId>postgresql</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.testcontainers</groupId>
<artifactId>testcontainers-bom</artifactId>
<version>${testcontainers.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<build>
<sourceDirectory>${project.basedir}/src/main/kotlin</sourceDirectory>
<testSourceDirectory>${project.basedir}/src/test/kotlin</testSourceDirectory>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.jetbrains.kotlin</groupId>
<artifactId>kotlin-maven-plugin</artifactId>
<configuration>
<args>
<arg>-Xjsr305=strict</arg>
</args>
<compilerPlugins>
<plugin>spring</plugin>
<plugin>jpa</plugin>
</compilerPlugins>
</configuration>
<dependencies>
<dependency>
<groupId>org.jetbrains.kotlin</groupId>
<artifactId>kotlin-maven-allopen</artifactId>
<version>${kotlin.version}</version>
</dependency>
<dependency>
<groupId>org.jetbrains.kotlin</groupId>
<artifactId>kotlin-maven-noarg</artifactId>
<version>${kotlin.version}</version>
</dependency>
</dependencies>
</plugin>
</plugins>
</build>
<repositories>
...
</repositories>
<pluginRepositories>
...
</pluginRepositories>
"curl -v localhost:6020/api/test" returns always returns 401. What am I doing wrong?
CodePudding user response:
You might be affected by this issue.
Take a look here and try to see if your logs match the logs of the ticket. I think the issue is that spring boot when it does not understand the request it sends back the error page but the error page is also behind security by default and can't be disclosed, so then spring boot gives a 401 response instead of the error page.
Also this ticket is the current open ticket from spring-boot team to handle the above issue
CodePudding user response:
You have an additional slash in your get path. So the request you are sending is not correct. Try: curl -v localhost:6020/api/test/
CodePudding user response:
Adding the following class solved my problem:
MyAppApiConfig.kt
package com.my.app.api
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.security.config.annotation.web.builders.WebSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer
@Configuration
@EnableWebSecurity
class MyAppApiConfig {
@Bean
fun webSecurityCustomizer(): WebSecurityCustomizer? {
return WebSecurityCustomizer { web: WebSecurity ->
web.ignoring() // Spring Security should completely ignore URLs starting with /resources/
.antMatchers("/api/**")
}
}
}