Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Keep getting 403 forbidden from spring boot example code

Tags:

java

http

authentication

spring-boot

I followed a simple tutorial for newbie for spring boot and setup my first controller and a few API calls. However, I was able to call GET but the POST always gives me 403 error code from postman and curl.

Here is my relevant code

@Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors();
    }

    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        configuration.setAllowedOrigins(Arrays.asList("*"));
        configuration.setAllowCredentials(true);
        configuration.setAllowedHeaders(Arrays.asList("Access-Control-Allow-Headers","Access-Control-Allow-Origin","Access-Control-Request-Method", "Access-Control-Request-Headers","Origin","Cache-Control", "Content-Type", "Authorization"));
        configuration.setAllowedMethods(Arrays.asList("DELETE", "GET", "POST", "PATCH", "PUT"));
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }

Here is my controller code

@ApiOperation(value = "Create a new order")
    @RequestMapping(value = "/orders", method = RequestMethod.POST, produces = "application/json")
    @ResponseStatus(HttpStatus.CREATED)
    public Order createOrder(
            @ApiParam(value = "New order object", required = true)
            @RequestBody Order newOrder) {
        newOrder.setSymbol(newOrder.getSymbol().toUpperCase());
        return orderRepository.save(newOrder);
    }

Here is the http response:

{
    "timestamp": "2019-10-08T19:57:03.487+0000",
    "status": 403,
    "error": "Forbidden",
    "message": "Forbidden",
    "path": "/api/v1/orders"
}

I'm requesting with curl as such

curl --location --request POST "http://localhost:8080/api/v1/orders --data "test"

I know its not a CORS issue, I've tried several other auth methods and all of them gives 403 (not 401)

like image 250
erotsppa Avatar asked Apr 12 '26 00:04

erotsppa

1 Answers

You can try to look at CSRF parameter.

HttpSecurity POST 403 Forbidden

@Override
  protected void configure(HttpSecurity http) throws Exception {
    http
      .csrf().disable();
  }
like image 164
Marie Alice Avatar answered Apr 13 '26 12:04

Marie Alice

Sign in to Comment

Related questions

ANTLR:Translate the modified AST to java source code by stringtemplate
When is recursive backtracking appropriate?
Including .pde files from different directories than root

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!