spring security 403 error

I'm trying to secure my website using Spring Security, following the guides on the web. So on my server side the WebSecurityConfigurerAdapter and controller look like this:

    @Configuration
    @EnableWebSecurity
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter implements ApplicationContextAware {

        @Override
        protected void registerAuthentication(AuthenticationManagerBuilder authManagerBuilder) throws Exception {
            authManagerBuilder.inMemoryAuthentication()
                .withUser("user").password("password").roles("ADMIN");
        }
    }

    @Controller
    //@RequestMapping("/course")
    public class CourseController implements ApplicationContextAware {

        @RequestMapping(value="/course", method = RequestMethod.GET, produces="application/json")
        public @ResponseBody List<Course> get(
                // The criterion used to find.
                @RequestParam(value="what", required=true) String what,
                @RequestParam(value="value", required=true) String value) {
            //.....
        }

        // @ResponseBody added so the returned list is serialized as JSON like in get()
        @RequestMapping(value="/course", method = RequestMethod.POST, produces="application/json")
        public @ResponseBody List<Course> upload(@RequestBody Course[] cs) {
            //.....
        }
    }

What confuses me very much is that the server does not respond to the POST/DELETE methods, while the GET method works fine. BTW, I'm using RestTemplate on the client side. The exception is:

    Exception in thread "main" org.springframework.web.client.HttpClientErrorException: 403 Forbidden
        at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:91)
        at org.springframework.web.client.RestTemplate.handleResponseError(RestTemplate.java:574)
        at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:530)
        at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:487)
        at org.springframework.web.client.RestTemplate.delete(RestTemplate.java:385)
        at hello.Application.createRestTemplate(Application.java:149)
        at hello.Application.main(Application.java:99)

I've searched the internet for days. Still don't have a clue. Please help. Thanks so much.

ken asked Oct 19 '13 16:10



2 Answers

The issue is likely due to CSRF protection. If users will not be using your application in a web browser, then it is safe to disable CSRF protection. Otherwise, you should ensure that the CSRF token is included in the request.

To disable CSRF protection you can use the following:

    @Configuration
    @EnableWebSecurity
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter implements ApplicationContextAware {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                // ...
                .csrf().disable();
        }

        @Override
        protected void registerAuthentication(AuthenticationManagerBuilder authManagerBuilder) throws Exception {
            authManagerBuilder
                .inMemoryAuthentication()
                    .withUser("user").password("password").roles("ADMIN");
        }
    }
Rob Winch answered Sep 27 '22 18:09
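As an added example (not code from the question or from either answer), this is the alternative the answer above mentions: keep CSRF protection on and have the RestTemplate client send the token. It assumes Spring Security 4.1 to 5.7 (CookieCsrfTokenRepository together with WebSecurityConfigurerAdapter), the question's in-memory "user"/"password" over HTTP Basic, and a hypothetical server at http://localhost:8080; the class names are mine.

```java
import java.nio.charset.StandardCharsets;
import java.util.*;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.*;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.*;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.web.client.RestTemplate;

// Server side: CSRF stays on; the token is issued as a readable XSRF-TOKEN cookie
// that CsrfFilter expects back in the X-XSRF-TOKEN header on POST/PUT/DELETE.
@Configuration
@EnableWebSecurity
class CsrfTokenConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().anyRequest().authenticated().and().httpBasic().and()
            .csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
    }
}

// Client side: RestTemplate wrapper that fetches the token once and echoes it back.
class CsrfAwareClient {
    private static final String BASE = "http://localhost:8080"; // assumed server URL
    private final RestTemplate rest = new RestTemplate();
    private String xsrfToken;

    // HTTP Basic credentials for the question's in-memory "user"/"password".
    private HttpHeaders authHeaders() {
        HttpHeaders h = new HttpHeaders();
        h.set(HttpHeaders.AUTHORIZATION, "Basic " + Base64.getEncoder()
                .encodeToString("user:password".getBytes(StandardCharsets.UTF_8)));
        return h;
    }

    // Step 1: a safe GET is enough for CsrfFilter to generate the token and set the cookie.
    void fetchToken() {
        ResponseEntity<String> resp = rest.exchange(BASE + "/course?what=id&value=1",
                HttpMethod.GET, new HttpEntity<>(authHeaders()), String.class);
        for (String c : resp.getHeaders().getOrDefault(HttpHeaders.SET_COOKIE, Collections.emptyList()))
            if (c.startsWith("XSRF-TOKEN=")) xsrfToken = c.substring("XSRF-TOKEN=".length()).split(";", 2)[0];
    }

    // Step 2: POST carries cookie and header; CsrfFilter compares them and answers 403 on mismatch.
    ResponseEntity<String> post(String path, String jsonBody) {
        HttpHeaders h = authHeaders();
        h.setContentType(MediaType.APPLICATION_JSON);
        h.add(HttpHeaders.COOKIE, "XSRF-TOKEN=" + xsrfToken);
        h.add("X-XSRF-TOKEN", xsrfToken);
        return rest.exchange(BASE + path, HttpMethod.POST, new HttpEntity<>(jsonBody, h), String.class);
    }
}
```

Without the cookie/header pair the POST is rejected with the same 403 shown in the question, which is how CSRF protection is meant to behave for a non-browser client that has not been taught about the token.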


The issue may be related to CSRF or CORS Security Protection.

  • For CSRF: you can disable it if the application's users do not access it from browsers.
  • For CORS: you can specify the origin and allow HTTP methods.

The code below disables CSRF and allows all origins and HTTP methods, so be aware when using it.

    @Configuration
    @EnableWebSecurity
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter implements WebMvcConfigurer {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.csrf().disable();
        }

        @Override
        public void addCorsMappings(CorsRegistry registry) {
            registry.addMapping("/**").allowedMethods("*");
        }
    }
Omar Ghazi answered Sep 27 '22 18:09