POST端点问题

时间:2018-11-26 16:08:57

标签: java spring-boot

我已经使用Spring Boot创建了与以下代码相关的post端点:

@PostMapping("/users/")
ResponseEntity<String> registerUser(@RequestBody JSONObject user) {
    System.out.println("registerUser method triggered");
    return userRegistrationResponseGenrator.generateResponse((userRegistrator.registerUser(user)));
}

当我使用以下相关代码测试端点

registrationPath =  String.format("http://localhost:%s/users/", port);

    @Test
    public void registerUserTest() {
        restTemplate.postForObject(registrationPath, validUserJSONObject, RequestEntity.class);

    }

我面临例外

org.springframework.web.client.HttpClientErrorException$Forbidden: 403 null

如何解决此问题?

编辑:

我遵循了发表在评论之一中的想法,以下是与案例相关的日志

2018-11-26 19:43:35.110  INFO 5208 --- [o-auto-1-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring DispatcherServlet 'dispatcherServlet'
2018-11-26 19:43:35.110  INFO 5208 --- [o-auto-1-exec-1] o.s.web.servlet.DispatcherServlet        : Initializing Servlet 'dispatcherServlet'
2018-11-26 19:43:35.152  INFO 5208 --- [o-auto-1-exec-1] o.s.web.servlet.DispatcherServlet        : Completed initialization in 42 ms
2018-11-26 19:43:35.171 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy        : /users at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2018-11-26 19:43:35.173 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy        : /users at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2018-11-26 19:43:35.174 DEBUG 5208 --- [o-auto-1-exec-1] w.c.HttpSessionSecurityContextRepository : No HttpSession currently exists
2018-11-26 19:43:35.174 DEBUG 5208 --- [o-auto-1-exec-1] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: null. A new one will be created.
2018-11-26 19:43:35.177 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy        : /users at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2018-11-26 19:43:35.178 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy        : /users at position 4 of 11 in additional filter chain; firing Filter: 'CsrfFilter'
2018-11-26 19:43:35.387  WARN 5208 --- [o-auto-1-exec-1] o.a.c.util.SessionIdGeneratorBase        : Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [200] milliseconds.
2018-11-26 19:43:35.392 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.csrf.CsrfFilter         : Invalid CSRF token found for http://localhost:25012/users
2018-11-26 19:43:35.392 DEBUG 5208 --- [o-auto-1-exec-1] o.s.s.w.header.writers.HstsHeaderWriter  : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@377d8162
2018-11-26 19:43:35.393 DEBUG 5208 --- [o-auto-1-exec-1] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2018-11-26 19:43:35.395 DEBUG 5208 --- [o-auto-1-exec-1] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2018-11-26 19:43:35.401 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy        : /error at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2018-11-26 19:43:35.401 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy        : /error at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2018-11-26 19:43:35.402 DEBUG 5208 --- [o-auto-1-exec-1] w.c.HttpSessionSecurityContextRepository : HttpSession returned null object for SPRING_SECURITY_CONTEXT
2018-11-26 19:43:35.402 DEBUG 5208 --- [o-auto-1-exec-1] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@161e14b7. A new one will be created.
2018-11-26 19:43:35.402 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy        : /error at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2018-11-26 19:43:35.402 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy        : /error at position 4 of 11 in additional filter chain; firing Filter: 'CsrfFilter'
2018-11-26 19:43:35.402 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy        : /error at position 5 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
2018-11-26 19:43:35.403 DEBUG 5208 --- [o-auto-1-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/error'; against '/logout'
2018-11-26 19:43:35.403 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy        : /error at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2018-11-26 19:43:35.403 DEBUG 5208 --- [o-auto-1-exec-1] o.s.s.w.s.HttpSessionRequestCache        : saved request doesn't match
2018-11-26 19:43:35.403 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy        : /error at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2018-11-26 19:43:35.405 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy        : /error at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2018-11-26 19:43:35.408 DEBUG 5208 --- [o-auto-1-exec-1] o.s.s.w.a.AnonymousAuthenticationFilter  : Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9de06e39: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: CF6283DA974F144F52398E23C94462E1; Granted Authorities: ROLE_ANONYMOUS'
2018-11-26 19:43:35.408 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy        : /error at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
2018-11-26 19:43:35.408 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy        : /error at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2018-11-26 19:43:35.408 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy        : /error at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2018-11-26 19:43:35.409 DEBUG 5208 --- [o-auto-1-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/error'; against '/'
2018-11-26 19:43:35.410 DEBUG 5208 --- [o-auto-1-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/error'; against '/users'
2018-11-26 19:43:35.410 DEBUG 5208 --- [o-auto-1-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor    : Public object - authentication not attempted
2018-11-26 19:43:35.411 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy        : /error reached end of additional filter chain; proceeding with original chain
2018-11-26 19:43:35.481 DEBUG 5208 --- [o-auto-1-exec-1] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2018-11-26 19:43:35.490 DEBUG 5208 --- [o-auto-1-exec-1] o.s.s.w.a.ExceptionTranslationFilter     : Chain processed normally
2018-11-26 19:43:35.490 DEBUG 5208 --- [o-auto-1-exec-1] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2018-11-26 19:43:35.527  INFO 5208 --- [       Thread-2] o.s.s.concurrent.ThreadPoolTaskExecutor  : Shutting down ExecutorService 'applicationTaskExecutor'
2018-11-26 19:43:35.541  INFO 5208 --- [       Thread-2] j.LocalContainerEntityManagerFactoryBean : Closing JPA EntityManagerFactory for persistence unit 'default'
2018-11-26 19:43:35.547  INFO 5208 --- [       Thread-2] com.zaxxer.hikari.HikariDataSource       : HikariPool-1 - Shutdown initiated...
2018-11-26 19:43:35.583  INFO 5208 --- [       Thread-2] com.zaxxer.hikari.HikariDataSource       : HikariPool-1 - Shutdown completed.

1 个答案:

答案 0 :(得分:0)

如果您的类路径上具有Spring Security,则默认情况下它将关闭默认用户的所有资源。为了访问任何资源,无论您使用什么HTTP谓词-您都必须进行身份验证。发生异常是因为您没有提供所需的凭据。您有几种解决此异常的方法。

最简单的方法是从项目中删除Spring Security。

如果要访问资源,同时保留保护某些资源的能力,则需要通过创建扩展org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter的bean来省略为这些资源建立的默认安全性。然后,覆盖其protected void configure(HttpSecurity http) throws Exception方法。

例如 

http.authorizeRequests()
.antMatchers("/your_path_1/**").permitAll()
.antMatchers("/your_path_2/example").permitAll()
// Disallow everything else..
.anyRequest().authenticated();

注意: 有一种方法可以忽略默认用户,但这超出了您的问题范围。 检出Spring Boot Security Reference

相关问题
最新问题