Forbidden 403 Error in spring boot when i try to access the web app (index.html) or reactjs app

huangapple go评论72阅读模式
英文:

Forbidden 403 Error in spring boot when i try to access the web app (index.html) or reactjs app

问题

I have added the index.html file in the 'src/main/resources/static' folder under the spring boot application so that I can access the web page while running the spring boot server. This works perfectly in another spring boot application without spring web security setup. But once I add the spring web security configuration, I only get 403 Forbidden errors. Online I found I should add: ".csrf().disable()" to my configure but it didn't work. I am trying to access the 'localhost:8080' but all in vain. Spring security is needed to protect the REST API from unauthenticated users. This is my spring security configuration.

@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class SecuritySettings extends WebSecurityConfigurerAdapter {
    @Autowired
    private final UserDetailsService userService;

    @Autowired
    private JwtFilter jwtFilter;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userService);
    }

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Bean
    PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        // enable cors and disable csrf tokens(only required in mvc not in rest)
        http = http.cors().and().csrf().disable();

        // disable session management immediately since we are using jwt tokens.
        // the server doesn't need to persist the currently logged-in user
        http = http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and();
        // configure your authorisation from here
        http.authorizeRequests()
               //.antMatchers("/**").permitAll() // for the default landing page
                .antMatchers("/api/accounts/create-user").authenticated()
                .antMatchers("/api/accounts/me").authenticated()
                .antMatchers("/api/payments").hasAuthority("client");
    }
}

I also tried to render the page via the controller as suggested by others but all that in vain.

@Controller
public class IndexController {

    @RequestMapping("/")
    public String renderLandingPage(){
        return "Welcome to the servspace";
    }

}

This is the error that I get:
Forbidden 403 Error in spring boot when i try to access the web app (index.html) or reactjs app

英文:

I have my spring boot application and I have added the index.html file in the 'src/main/resources/static' folder under the spring boot application so that i can access the web page while running the spring boot server. This works perfectly in another spring boot application without spring web security setup. But once I add the spring web security configuration, I only get 403 Forbidden errors. Online I found I should add: ".csrf().disable()" to my configure but it didn't work. I am trying to access the localhost:8080 but all in vain. Spring security is needed to protect the REST API from unauthenticated users. This is my spring security configuration.

@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class SecuritySettings extends WebSecurityConfigurerAdapter {
    @Autowired
    private final UserDetailsService userService;

    @Autowired
    private JwtFilter jwtFilter;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userService);
    }

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Bean
    PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        // enable cors and disable csrf tokens(only required in mvc not in rest)
        http = http.cors().and().csrf().disable();

        // disable session management immediately since we are using jwt tokens.
        // the server doesn't need to persist the currently logged-in user
        http = http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and();
        // configure your authorisation from here
        http.authorizeRequests()
               //.antMatchers("/**").permitAll() // for the default landing page
                .antMatchers("/api/accounts/create-user").authenticated()
                .antMatchers("/api/accounts/me").authenticated()
                .antMatchers("/api/payments").hasAuthority("client")

I also tried to render the page via the controller as suggested by others but all that in vain.

@Controller
public class IndexController {

    @RequestMapping("/")
    public String renderLandingPage(){
        return "Welcome to the servspace";
    }

}

THis is error that I get
Forbidden 403 Error in spring boot when i try to access the web app (index.html) or reactjs app

答案1

得分: 1

.antMatchers("/api/accounts/create-user").authenticated() .antMatchers("/api/accounts/me").authenticated() .antMatchers("/api/payments").hasAuthority("client") .antMatchers("/**").permitAll() // 默认的登录页面

英文:

You still need the .antMatchers("/**").permitAll() but it needs to be at the end because it is the most general:

   http.authorizeRequests()
            .antMatchers("/api/accounts/create-user").authenticated()
            .antMatchers("/api/accounts/me").authenticated()
            .antMatchers("/api/payments").hasAuthority("client")
            .antMatchers("/**").permitAll() // for the default landing page

huangapple
  • 本文由 发表于 2023年5月14日 21:37:06
  • 转载请务必保留本文链接:https://go.coder-hub.com/76247755.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定