Forbidden 403 error in Spring Boot when I try to access the web app (index.html) or ReactJS app

Question

I have added the index.html file in the 'src/main/resources/static' folder under the spring boot application so that I can access the web page while running the spring boot server. This works perfectly in another spring boot application without spring web security setup. But once I add the spring web security configuration, I only get 403 Forbidden errors. Online I found I should add: ".csrf().disable()" to my configure but it didn't work. I am trying to access the 'localhost:8080' but all in vain. Spring security is needed to protect the REST API from unauthenticated users. This is my spring security configuration.

@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class SecuritySettings extends WebSecurityConfigurerAdapter {
    @Autowired
    private final UserDetailsService userService;

    @Autowired
    private JwtFilter jwtFilter;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userService);
    }

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Bean
    PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        // enable cors and disable csrf tokens(only required in mvc not in rest)
        http = http.cors().and().csrf().disable();

        // disable session management immediately since we are using jwt tokens.
        // the server doesn't need to persist the currently logged-in user
        http = http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and();
        // configure your authorisation from here
        http.authorizeRequests()
               //.antMatchers("/**").permitAll() // for the default landing page
                .antMatchers("/api/accounts/create-user").authenticated()
                .antMatchers("/api/accounts/me").authenticated()
                .antMatchers("/api/payments").hasAuthority("client");
    }
}

I also tried to render the page via a controller, as suggested by others, but all in vain.

@Controller
public class IndexController {

    @RequestMapping("/")
    public String renderLandingPage(){
        return "Welcome to the servspace";
    }

}

This is the error that I get:

Answer 1

Score: 1

You still need the .antMatchers("/**").permitAll() but it needs to be at the end because it is the most general:

    http.authorizeRequests()
            .antMatchers("/api/accounts/create-user").authenticated()
            .antMatchers("/api/accounts/me").authenticated()
            .antMatchers("/api/payments").hasAuthority("client")
            .antMatchers("/**").permitAll(); // for the default landing page
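
Added example (not part of the original question or answer): a narrower variant of the ordering described above, in which only the landing page and its assets are public and every `/api/**` path not listed by name still requires authentication. It assumes Spring Security 5.x (`WebSecurityConfigurerAdapter`) and a React build copied into `src/main/resources/static`; the class name and the static paths are assumptions, and the question's other beans are omitted.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;

// Added example, not the asker's or answerer's code.
// OrderedSecuritySettings is a hypothetical name; the question's UserDetailsService,
// JwtFilter and PasswordEncoder beans are left out to keep the rule order in focus.
@Configuration
@EnableWebSecurity
public class OrderedSecuritySettings extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Same stateless, CSRF-disabled setup as in the question.
        http.cors().and().csrf().disable()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        // Rules are checked top to bottom and the first matching rule decides,
        // so specific patterns come first and broad ones last.
        http.authorizeRequests()
            // 1. The routes from the question keep their specific rules.
            .antMatchers("/api/payments").hasAuthority("client")
            .antMatchers("/api/accounts/create-user", "/api/accounts/me").authenticated()
            // 2. Any other /api path, including endpoints added later, requires
            //    authentication instead of falling through to a public rule.
            .antMatchers("/api/**").authenticated()
            // 3. Only the landing page and its assets are public
            //    (paths assumed from a typical React build output).
            .antMatchers("/", "/index.html", "/favicon.ico", "/static/**").permitAll()
            // 4. Everything else is refused. With "/**" permitAll in this position,
            //    every path not listed above would be served without a login.
            .anyRequest().denyAll();
    }
}
```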

Posted on May 14, 2023, 21:37:06