Spring boot getting 401 unauthorized status code for simple get request

Question

I am very new to Spring framework. I have created a new Spring Starter Project with following modules: web, mongo, security.

I have created a simple controller

@RestController
@RequestMapping("/users")
public class UserController {

    private UserRepository userRepository;

    @GetMapping("/all")
    public List<User> getAllUsers(){
        List<User> users = this.userRepository.findAll();
        return users;
    }

    @PostMapping("/")
    public void insert(@RequestBody User user){
        this.userRepository.save(user);
    }
}

And seeded some raw data to the database. When I make request to this route in Postman, I get the following response:

{
    "timestamp": 1511113712858,
    "status": 401,
    "error": "Unauthorized",
    "message": "Full authentication is required to access this resource",
    "path": "/users/all"
}

pom.xml:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 
http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

<groupId>ngt</groupId>
<artifactId>someArtifact</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>

<name>dermaskin</name>
<description>Demo project for Spring Boot with mongodb</description>

<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>1.5.8.RELEASE</version>
    <relativePath/> <!-- lookup parent from repository -->
</parent>

<properties>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
    <java.version>1.8</java.version>
</properties>

<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-data-mongodb</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-test</artifactId>
        <scope>test</scope>
    </dependency>
</dependencies>

<build>
    <plugins>
        <plugin>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-maven-plugin</artifactId>
        </plugin>
    </plugins>
</build>

What is causing the unauthorized response and how to disable it for the /all route? Thanks!

Answer 1

@Configuration
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.requestMatchers().antMatchers("/users/all").permitAll();
    }
}

You need to configure Spring Security, by default all routes all secured for authrorization.

The code above disables security only for "/users/all" URL.

Answer 2

I was getting this error as I included

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-oauth2-client</artifactId>
</dependency>

in my pom.xml file. Just remove it and try again.

Answer 3

You can keep your security dependency but then you have to setup a userid and a password. This can be done by adding the following into your application.properties file located under src/main/resources folder

security.user.name=user # Default user name.
security.user.password= # your password here