Why doesn't the endpoint respond?

Time:04-05

I have a Spring Security config with users stored in memory. There are some rules for users; one of them is sa\sa. There are a couple of controllers that return an OK message if everything is okay (the endpoint is accessible) when called with a GET request at the URLs /test and /start. Spring Security protects only the /test endpoint. Spring Security config:

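import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

  // In-memory users
  @Override
  protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.inMemoryAuthentication()
        .withUser("sa")
        .password("{noop}sa")
        .roles("USER", "USER_ROLE")
        .and()
        .withUser("na")
        .password("na")
        .roles("USER", "USER_ROLE");
  }

  // URL authorization rules
  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
        .antMatchers("/test").hasAnyRole("ROLE_USER", "USER", "USER_ROLE")
        .and()
        .csrf().disable();
  }
}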

Yaml config:

  spring:
    datasource:
      username: user
      password: user
      driverClassName: org.h2.Driver
    security:
      basic:
        enabled: true

So, when I send a GET request with Postman to /start, it returns an OK response; if I try to call /test, there is no access. I use Postman like this:

[Screenshot of the Postman request]

So, the question is: why can't I get a response from the /test endpoint (why can't I access this URL)?

Error logs with the rejection:

2022-04-03 21:43:19.854 DEBUG 8872 --- [nio-8080-exec-2] o.s.s.w.s.HttpSessionRequestCache : Saved request http://localhost:8080/test to session
2022-04-03 21:43:19.854 DEBUG 8872 --- [nio-8080-exec-2] o.s.s.w.a.Http403ForbiddenEntryPoint : Pre-authenticated entry point called. Rejecting access
2022-04-03 21:43:19.856 DEBUG 8872 --- [nio-8080-exec-2] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext
2022-04-03 21:43:19.857 DEBUG 8872 --- [nio-8080-exec-2] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext
2022-04-03 21:43:19.857 DEBUG 8872 --- [nio-8080-exec-2] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request

CodePudding user response:

I believe you are missing an authentication mechanism in your filter chain (e.g. http.httpBasic()). Note that the spring.security.basic.enabled property is not the correct way to enable HTTP Basic in the latest version(s) of Spring Security.

Take a look at the Hello Security sample's SecurityConfiguration and the Getting Started section of the reference docs.
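
The change the answer describes, as an added example that is not part of the original answer or the question's project: the question's configuration with http.httpBasic() added to the filter chain. It assumes a Spring Security 5.x version in which WebSecurityConfigurerAdapter is available (as in the question); the class name BasicAuthSecurityConfig, the explicit anyRequest().permitAll() rule and the delegating password encoder used in place of {noop} are choices made for this example.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableWebSecurity
public class BasicAuthSecurityConfig extends WebSecurityConfigurerAdapter { // hypothetical name

  // Delegating encoder: encode() yields "{bcrypt}..." values, so every stored
  // password carries an encoder id and none is kept in plaintext.
  private final PasswordEncoder encoder =
      PasswordEncoderFactories.createDelegatingPasswordEncoder();

  @Override
  protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.inMemoryAuthentication()
        .passwordEncoder(encoder)
        .withUser("sa")
        .password(encoder.encode("sa")) // demo credential from the question
        .roles("USER", "USER_ROLE")
        .and()
        .withUser("na")
        .password(encoder.encode("na")) // demo credential from the question
        .roles("USER", "USER_ROLE");
  }

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
        // Role names are given without the ROLE_ prefix; hasAnyRole adds it.
        .antMatchers("/test").hasAnyRole("USER", "USER_ROLE")
        // Everything else, including /start, stays open as in the question.
        .anyRequest().permitAll()
        .and()
        // Authentication mechanism: reads the "Authorization: Basic" header and
        // answers unauthenticated requests with 401 and WWW-Authenticate.
        .httpBasic()
        .and()
        // CSRF protection stays disabled, as in the question's configuration.
        .csrf().disable();
  }
}
```

With an authentication mechanism in the chain, an unauthenticated request to /test is answered with a 401 challenge rather than the Http403ForbiddenEntryPoint rejection seen in the question's logs.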
