Not able to access REST controllers in Spring Securtiy even when the role matches
0
WebSecurityConfig class is as follows:-
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/get*").hasAnyRole();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("user1").password("user1Pass")
.authorities("USER");
//.and().withUser("admin").password("adminPass")
//.authorities("ADMIN");
}
/*@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().passwordEncoder(NoOpPasswordEncoder.getInstance())
.withUser("test").password("test123").roles("USER").and().
withUser("test1").password("test123").roles("ADMIN");
}
}*/
}
Below is the REST controller:-
@RequestMapping(value="/getprofessors", method=RequestMethod.GET)
public List<Professor> getProfessors() {
//return service.findProfessors();
List<Professor> Professors = professorRepo.findAll();
return Professors;
}
Below image represents the POSTMAN call I'm making:-
Getting 403 error when accessing this controller even when no role specification has been provided.
spring spring-boot spring-security spring-security-rest
asked Dec 30 '18 at 16:44
Ravi Singh ShekhawatRavi Singh Shekhawat
116
add a comment |
0
WebSecurityConfig class is as follows:-
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/get*").hasAnyRole();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("user1").password("user1Pass")
.authorities("USER");
//.and().withUser("admin").password("adminPass")
//.authorities("ADMIN");
}
/*@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().passwordEncoder(NoOpPasswordEncoder.getInstance())
.withUser("test").password("test123").roles("USER").and().
withUser("test1").password("test123").roles("ADMIN");
}
}*/
}
Below is the REST controller:-
@RequestMapping(value="/getprofessors", method=RequestMethod.GET)
public List<Professor> getProfessors() {
//return service.findProfessors();
List<Professor> Professors = professorRepo.findAll();
return Professors;
}
Below image represents the POSTMAN call I'm making:-
Getting 403 error when accessing this controller even when no role specification has been provided.
spring spring-boot spring-security spring-security-rest
asked Dec 30 '18 at 16:44
Ravi Singh ShekhawatRavi Singh Shekhawat
116
add a comment |
0
0
0
WebSecurityConfig class is as follows:-
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/get*").hasAnyRole();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("user1").password("user1Pass")
.authorities("USER");
//.and().withUser("admin").password("adminPass")
//.authorities("ADMIN");
}
/*@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().passwordEncoder(NoOpPasswordEncoder.getInstance())
.withUser("test").password("test123").roles("USER").and().
withUser("test1").password("test123").roles("ADMIN");
}
}*/
}
Below is the REST controller:-
@RequestMapping(value="/getprofessors", method=RequestMethod.GET)
public List<Professor> getProfessors() {
//return service.findProfessors();
List<Professor> Professors = professorRepo.findAll();
return Professors;
}
Below image represents the POSTMAN call I'm making:-
Getting 403 error when accessing this controller even when no role specification has been provided.
spring spring-boot spring-security spring-security-rest
asked Dec 30 '18 at 16:44
Ravi Singh ShekhawatRavi Singh Shekhawat
116
WebSecurityConfig class is as follows:-
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/get*").hasAnyRole();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("user1").password("user1Pass")
.authorities("USER");
//.and().withUser("admin").password("adminPass")
//.authorities("ADMIN");
}
/*@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().passwordEncoder(NoOpPasswordEncoder.getInstance())
.withUser("test").password("test123").roles("USER").and().
withUser("test1").password("test123").roles("ADMIN");
}
}*/
}
Below is the REST controller:-
@RequestMapping(value="/getprofessors", method=RequestMethod.GET)
public List<Professor> getProfessors() {
//return service.findProfessors();
List<Professor> Professors = professorRepo.findAll();
return Professors;
}
Below image represents the POSTMAN call I'm making:-
Getting 403 error when accessing this controller even when no role specification has been provided.
spring spring-boot spring-security spring-security-rest
spring spring-boot spring-security spring-security-rest
asked Dec 30 '18 at 16:44
Ravi Singh ShekhawatRavi Singh Shekhawat
116
asked Dec 30 '18 at 16:44
Ravi Singh ShekhawatRavi Singh Shekhawat
116
asked Dec 30 '18 at 16:44
Ravi Singh ShekhawatRavi Singh Shekhawat
116
asked Dec 30 '18 at 16:44
Ravi Singh ShekhawatRavi Singh Shekhawat
116
asked Dec 30 '18 at 16:44
Ravi Singh ShekhawatRavi Singh Shekhawat
116
116
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
0
Have you checked other methods for antMatchers()? I mean permitAll() and others. Maybe problem with hasAnyRole(), because it takes String[ ] . It is empty maybe problem occurs because of that.
answered Dec 30 '18 at 17:47
TurabTurab
5111
With permitAll(), it is working without any authentication. Have tried http.authorizeRequests() .antMatchers("/get*").hasAnyRole("USER"); but still the endpoint isn't authorizing.
– Ravi Singh Shekhawat
Dec 31 '18 at 9:20
I have faced this kind of situation when i was used sts ide, but i have typed the same code in intellij idea it worked successfully.
– Turab
Jan 11 at 8:22
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53979502%2fnot-able-to-access-rest-controllers-in-spring-securtiy-even-when-the-role-matche%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
0
Have you checked other methods for antMatchers()? I mean permitAll() and others. Maybe problem with hasAnyRole(), because it takes String[ ] . It is empty maybe problem occurs because of that.
answered Dec 30 '18 at 17:47
TurabTurab
5111
With permitAll(), it is working without any authentication. Have tried http.authorizeRequests() .antMatchers("/get*").hasAnyRole("USER"); but still the endpoint isn't authorizing.
– Ravi Singh Shekhawat
Dec 31 '18 at 9:20
I have faced this kind of situation when i was used sts ide, but i have typed the same code in intellij idea it worked successfully.
– Turab
Jan 11 at 8:22
add a comment |
0
Have you checked other methods for antMatchers()? I mean permitAll() and others. Maybe problem with hasAnyRole(), because it takes String[ ] . It is empty maybe problem occurs because of that.
answered Dec 30 '18 at 17:47
TurabTurab
5111
With permitAll(), it is working without any authentication. Have tried http.authorizeRequests() .antMatchers("/get*").hasAnyRole("USER"); but still the endpoint isn't authorizing.
– Ravi Singh Shekhawat
Dec 31 '18 at 9:20
I have faced this kind of situation when i was used sts ide, but i have typed the same code in intellij idea it worked successfully.
– Turab
Jan 11 at 8:22
add a comment |
0
0
0
Have you checked other methods for antMatchers()? I mean permitAll() and others. Maybe problem with hasAnyRole(), because it takes String[ ] . It is empty maybe problem occurs because of that.
answered Dec 30 '18 at 17:47
TurabTurab
5111
Have you checked other methods for antMatchers()? I mean permitAll() and others. Maybe problem with hasAnyRole(), because it takes String[ ] . It is empty maybe problem occurs because of that.
answered Dec 30 '18 at 17:47
TurabTurab
5111
answered Dec 30 '18 at 17:47
TurabTurab
5111
answered Dec 30 '18 at 17:47
TurabTurab
5111
answered Dec 30 '18 at 17:47
TurabTurab
5111
5111
With permitAll(), it is working without any authentication. Have tried http.authorizeRequests() .antMatchers("/get*").hasAnyRole("USER"); but still the endpoint isn't authorizing.
– Ravi Singh Shekhawat
Dec 31 '18 at 9:20
I have faced this kind of situation when i was used sts ide, but i have typed the same code in intellij idea it worked successfully.
– Turab
Jan 11 at 8:22
add a comment |
With permitAll(), it is working without any authentication. Have tried http.authorizeRequests() .antMatchers("/get*").hasAnyRole("USER"); but still the endpoint isn't authorizing.
– Ravi Singh Shekhawat
Dec 31 '18 at 9:20
I have faced this kind of situation when i was used sts ide, but i have typed the same code in intellij idea it worked successfully.
– Turab
Jan 11 at 8:22
With permitAll(), it is working without any authentication. Have tried http.authorizeRequests() .antMatchers("/get*").hasAnyRole("USER"); but still the endpoint isn't authorizing.
– Ravi Singh Shekhawat
Dec 31 '18 at 9:20
With permitAll(), it is working without any authentication. Have tried http.authorizeRequests() .antMatchers("/get*").hasAnyRole("USER"); but still the endpoint isn't authorizing.
– Ravi Singh Shekhawat
Dec 31 '18 at 9:20
I have faced this kind of situation when i was used sts ide, but i have typed the same code in intellij idea it worked successfully.
– Turab
Jan 11 at 8:22
I have faced this kind of situation when i was used sts ide, but i have typed the same code in intellij idea it worked successfully.
– Turab
Jan 11 at 8:22
add a comment |
draft saved
draft discarded
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53979502%2fnot-able-to-access-rest-controllers-in-spring-securtiy-even-when-the-role-matche%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
