我用REST Spring制作了一些api。 GET请求在Postman中工作正常,但是当我尝试执行POST请求时,出现此错误:
{
"timestamp": "2018-09-25T06:39:27.226+0000",
"status": 403,
"error": "Forbidden",
"message": "Forbidden",
"path": "/cidashboard/projects"
}
这是我的控制器:
@RestController
@RequestMapping(ProjectController.PROJECT_URL)
public class ProjectController {
public static final String PROJECT_URL = "/cidashboard/projects";
private final ProjectService projectService;
public ProjectController(ProjectService projectService) {
this.projectService = projectService;
}
@GetMapping
List<Project> getAllProjects(){
return projectService.findAllProjects();
}
@GetMapping("/{id}")
Project getProjectById(@PathVariable int id) {
return projectService.findProjectById(id);
}
@PostMapping
void addProject(@RequestBody Project newProject) {
projectService.saveProject(newProject);
}
}
安全配置 最初,我想使用ldap,但在我的应用程序属性中,我仅将连接留在了数据库中。 ................................................... ................................................... ..................
@EnableGlobalMethodSecurity
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/css/**").permitAll();
// .anyRequest().fullyAuthenticated();
// .and()
// .formLogin().loginPage("/login").permitAll()
// .failureUrl("/login-error");
}
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.ldapAuthentication()
.userDnPatterns("uid={0},ou=people")
.groupSearchBase("ou=groups")
.contextSource(contextSource())
.passwordCompare()
//.passwordEncoder(new LdapShaPasswordEncoder())
.passwordAttribute("userPassword");
}
@Override
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
.antMatchers("/resources/static/**"); // #3
}
@Bean
public DefaultSpringSecurityContextSource contextSource() {
return new DefaultSpringSecurityContextSource(Arrays.asList("ldap://localhost:8389/"), "dc=springframework,dc=org");
}
}
答案 0 :(得分:-1)
使用@EnableWebSecurity
启用spring security。默认情况下启用csrf
支持,您必须禁用它以防止Forbidden错误。
@Override
protected void configure(HttpSecurity http) throws Exception {
http //other configure params.
.csrf().disable();
}
PS: 415不支持的类型->将此注释添加到您的映射中,该注释是从Postman发送的数据类型。
@PostMapping(consumes = "application/json")
void addProject(@RequestBody Project newProject) {
projectService.saveProject(newProject);
}