Springboot 403 Forbidden when called from WebApp

Time:10-08

I have been struggling with this issue for 2 days. I have a simple Spring Boot application with Spring Security. When I test my controller using Swagger and Postman, there is no issue. However, when I call the same endpoint from my front-end app, it throws the error below:

2022-10-07T21:43:51.991 0800 DEBUG http-nio-8080-exec-1 (FilterChainProxy.java:323) - Secured OPTIONS /category/all
2022-10-07T21:43:51.993 0800 DEBUG http-nio-8080-exec-1 (LogFormatUtils.java:119) - OPTIONS "/category/all", parameters={}
2022-10-07T21:43:51.995 0800 DEBUG http-nio-8080-exec-1 (PropertySourcedRequestMappingHandlerMapping.java:108) - looking up handler for path: /category/all
2022-10-07T21:43:51.998 0800 DEBUG http-nio-8080-exec-1 (AbstractHandlerMapping.java:522) - Mapped to com.edar.sales.be.controller.CategoryController#getAllCategories()
2022-10-07T21:43:52.002 0800 DEBUG http-nio-8080-exec-1 (OpenEntityManagerInViewInterceptor.java:86) - Opening JPA EntityManager in OpenEntityManagerInViewInterceptor
2022-10-07T21:43:52.015 0800 DEBUG http-nio-8080-exec-1 (HttpSessionSecurityContextRepository.java:346) - Did not store anonymous SecurityContext
2022-10-07T21:43:52.018 0800 DEBUG http-nio-8080-exec-1 (OpenEntityManagerInViewInterceptor.java:111) - Closing JPA EntityManager in OpenEntityManagerInViewInterceptor
2022-10-07T21:43:52.019 0800 DEBUG http-nio-8080-exec-1 (FrameworkServlet.java:1131) - Completed 403 FORBIDDEN

This is my Controller Class

package com.edar.sales.be.controller;

import java.lang.reflect.InvocationTargetException;
import java.util.ArrayList;
import java.util.List;

import org.apache.commons.beanutils.BeanUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PatchMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;

import com.edar.sales.be.dto.CategoryDTO;
import com.edar.sales.be.entity.Category;
import com.edar.sales.be.service.CategoryService;
import com.google.gson.Gson;

@RestController(value = "category/")
public class CategoryController {
    
    private static final Logger LOG = LoggerFactory.getLogger(CategoryController.class);
    private static final Gson GSON = new Gson();
    
    @Autowired
    CategoryService categoryService;

    @GetMapping(value = "category/all")
    public List<CategoryDTO> getAllCategories() throws IllegalAccessException, InvocationTargetException {

        List<CategoryDTO> retval = new ArrayList<>();
        List<Category> categories = categoryService.getAllCategories();

        for (Category category : categories) {
            CategoryDTO categoryDTO = new CategoryDTO();
            BeanUtils.copyProperties(categoryDTO, category);
            retval.add(categoryDTO);
        }

        return retval;

    }

    @GetMapping(value = "category/{id}")
    public CategoryDTO getCategoryById(@PathVariable("id") long id) throws IllegalAccessException, InvocationTargetException {
        CategoryDTO categoryDTO = new CategoryDTO();
        BeanUtils.copyProperties(categoryDTO, categoryService.getCategoryById(id));
        return categoryDTO;
    }
       
    @PostMapping(value = "category/delete/{id}")
    public void deleteCategoryById(@PathVariable("id") Long id) {
        categoryService.deleteCategoryById(id);
    }

    @PostMapping(value = "category/add")
    public void addCategory(@RequestBody Category category) {
        LOG.debug("Adding category : {}", GSON.toJson(category));
        categoryService.addCategory(category);
    }
    
    @PatchMapping(value = "category/update")
    public void updateCategory(@RequestBody Category category) {
        LOG.debug("Updating category : {}", GSON.toJson(category));
        categoryService.addCategory(category);
    }
}

And this is my SecurityConfig

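import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable().authorizeRequests().antMatchers("**").permitAll();
    }
}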

CodePudding user response:

Try using this, and also use SecurityFilterChain for Spring Security because WebSecurityConfigurerAdapter is deprecated.

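import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf().disable()
            // Permit every path; note the leading slash in the pattern.
            .authorizeRequests().antMatchers("/**").permitAll()
            .and()
            .httpBasic();
    }
}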