邮递员403禁止留言

时间:2018-09-25 07:10:07

标签: java spring rest postman

我用REST Spring制作了一些api。 GET请求在Postman中工作正常,但是当我尝试执行POST请求时,出现此错误:

{
    "timestamp": "2018-09-25T06:39:27.226+0000",
    "status": 403,
    "error": "Forbidden",
    "message": "Forbidden",
    "path": "/cidashboard/projects"
}

这是我的控制器:

@RestController
@RequestMapping(ProjectController.PROJECT_URL)
public class ProjectController {

    public static final String PROJECT_URL = "/cidashboard/projects";

    private final ProjectService projectService;

    public ProjectController(ProjectService projectService) {
        this.projectService = projectService;
    }

    @GetMapping
    List<Project> getAllProjects(){
        return projectService.findAllProjects();
    }

    @GetMapping("/{id}")
    Project getProjectById(@PathVariable int id) {
        return projectService.findProjectById(id);
    }

    @PostMapping
    void addProject(@RequestBody Project newProject) {
        projectService.saveProject(newProject);
    }
}

安全配置  最初,我想使用ldap,但在我的应用程序属性中,我仅将连接留在了数据库中。 ................................................... ................................................... .................. 

@EnableGlobalMethodSecurity
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .antMatchers("/css/**").permitAll();
//                .anyRequest().fullyAuthenticated();
//                .and()
//                .formLogin().loginPage("/login").permitAll()
//                .failureUrl("/login-error");
    }

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
                .ldapAuthentication()
                .userDnPatterns("uid={0},ou=people")
                .groupSearchBase("ou=groups")
                .contextSource(contextSource())
                .passwordCompare()
                //.passwordEncoder(new LdapShaPasswordEncoder())
                .passwordAttribute("userPassword");
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web
                .ignoring()
                .antMatchers("/resources/static/**"); // #3
    }

    @Bean
    public DefaultSpringSecurityContextSource contextSource() {
        return new DefaultSpringSecurityContextSource(Arrays.asList("ldap://localhost:8389/"), "dc=springframework,dc=org");
    }
}

1 个答案:

答案 0 :(得分:-1)

使用@EnableWebSecurity启用spring security。默认情况下启用csrf支持,您必须禁用它以防止Forbidden错误。

@Override
protected void configure(HttpSecurity http) throws Exception {
     http       //other configure params.
         .csrf().disable();
}

PS: 415不支持的类型->将此注释添加到您的映射中,该注释是从Postman发送的数据类型。 

@PostMapping(consumes = "application/json")
void addProject(@RequestBody Project newProject) {
    projectService.saveProject(newProject);
}
相关问题
最新问题