Testing spring security enabled api using postman

Question

I am working on a spring boot + spring security based application. I have used jdbcAuthentication to validate user. I have also configured custom login form.

After running the application I am able to successfully login and get the API response through browser but when I try to test the API using Postman I only get the HTML login page as response. How do I get the desired API json response?

My configuration file:

@Override
            protected void configure(AuthenticationManagerBuilder auth)
                    throws Exception {
            System.out.println("auth manager called");
              auth. jdbcAuthentication() .usersByUsernameQuery(usersQuery)
              .authoritiesByUsernameQuery(rolesQuery) .dataSource(dataSource)
              .passwordEncoder(noop);

            }
         @Override
            protected void configure(HttpSecurity http) throws Exception {
                System.out.println("Http scurity called");
                http.httpBasic().
                and().
                        authorizeRequests()
                        .antMatchers("/").permitAll()
                        .antMatchers("/login").permitAll()
                        .antMatchers("/registration").permitAll()
                        .antMatchers("/admin/**").hasAuthority("ADMIN")
                        .antMatchers("/db").hasAuthority("DBA")
                        .antMatchers("/user").hasAuthority("USER").anyRequest()
                        .authenticated().and().csrf().disable().formLogin()
                        .loginPage("/login").failureUrl("/login?error=true")
                        .successHandler(customSuccessHandler)
                        .usernameParameter("username")
                        .passwordParameter("password")
                        .and().logout()
                        .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                        .logoutSuccessUrl("/").and().exceptionHandling()
                        .accessDeniedPage("/access-denied");
            }

My Controller file:

@RequestMapping(value = { "/", "/login" }, method = RequestMethod.GET)
        public ModelAndView login() {
            System.out.println("/login called");
            ModelAndView modelAndView = new ModelAndView();
            modelAndView.setViewName("login");
            return modelAndView;
        }

        @RequestMapping(value = "/admin", method = RequestMethod.GET, produces = { "application/json" })
            public UserUniconnect home(HttpServletRequest request, HttpServletResponse response) {

                Authentication auth = SecurityContextHolder.getContext().getAuthentication();
                String currentUser = null;
                if (!(auth instanceof AnonymousAuthenticationToken)) {
                    currentUser = auth.getName();
                }

                User user1 = (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
                user1.getAuthorities();
                System.out.println("++++++++++++++++++++++++++++++");
                System.out.println(request == null);
                Users u = (Users) request.getSession(false).getAttribute("user");
                Uniconnect uni = (Uniconnect) request.getSession(false).getAttribute("uniconnect");
                UserUniconnect uu = new UserUniconnect();
                uu.setUser(u);
                uu.setUniconnect(uni);

                return uu;
            }

I am returning java object as the response which spring boot is able to convert it into json format.

Postman Screenshot

Answer 1

Setting up the Basic Auth parameters in Postman might help:

It is most likely that you need to get your session id from a cookie after logging in manually with your browser and then provide this cookie to Postman just like this:

Getting a cookie from browser differs depending on a browser itself, but Chrome and Firefox both have a Developer utils built in, so that should not be a problem.