如何解决尝试添加新用户时出现Spring Security 403错误
我一直在尝试向我的Spring Boot安全性应用程序添加一个create方法,但是,当我使用后期映射时,出现该错误。另外,我的ID在db中会自动增加。我不确定,但是错误可能是因为它。我不知道如何在请求正文中写入自动递增的值。
{"timestamp":"2020-08-
23T00:43:31.062+00:00","status":403,"error":"Forbidden","message":"","path":"/createUser"}
The body that i am trying to post:
{
"id": 3,"userName": "Adminn","password": "pss","active": true,"role": "ROLE_ADMIN"
}
请求主体以进行后期映射 [1]:https://i.stack.imgur.com/uqoD0.png
我的家庭资源课程
package io.javabrains.springsecurity.jpa;
@RestController
public class HomeResource {
@Autowired
private UserRepository userRepo;
@GetMapping("/")
public String home() {
return ("<h1>Welcome</h1>");
}
@GetMapping("/user")
public String user() {
return ("Welcome User");
}
@GetMapping("/admin")
public String admin() {
return ("<h1>Welcome Admin</h1>");
}
@GetMapping("/users/{id}")
public Optional<User> retriveUser(@PathVariable int id)
{
return userRepo.findById(id);
}
@PostMapping("/createUser")
public void createUser(@RequestBody User myuser) {
User savedUser=userRepo.save(myuser);
}
/*@GetMapping("/createUser") // it is working
public String addUser() {
User newuser= new User();
newuser.setUserName("new");
newuser.setPassword(new BCryptPasswordEncoder().encode("pass"));
newuser.setRole("ROLE_ADMIN");
newuser.setActive(true);
userRepo.save(newuser);
return "user booked";
}*/
}
我的Spring应用程序类
@SpringBootApplication
@EnableJpaRepositories(basePackageClasses = UserRepository.class)
public class SpringsecurityApplication implements CommandLineRunner{
@Autowired
UserRepository userRepository;
public static void main(String[] args) {
SpringApplication.run(SpringsecurityApplication.class,args);
}
@Override
public void run(String... args) throws Exception {
// TODO Auto-generated method stub
System.out.println("Application Running.");
User adminUser= new User();
adminUser.setUserName("Admin");
adminUser.setPassword(new BCryptPasswordEncoder().encode("pass"));
adminUser.setRole("ROLE_ADMIN");
adminUser.setActive(true);
userRepository.save(adminUser);
User newUser= new User();
newUser.setUserName("User");
newUser.setPassword(new BCryptPasswordEncoder().encode("pass"));
newUser.setRole("ROLE_USER");
newUser.setActive(true);
userRepository.save(newUser);
}
}
用户类别
package io.javabrains.springsecurity.jpa.models;
@Entity
@Table(name="app_user")
public class User {
@Id
@GeneratedValue(strategy =GenerationType.AUTO)
private int id;
private String userName;
private String password;
private boolean active;
private String role;
public int getId() {
return id;
}
public void setId(int id) {
this.id = id;
}
public String getUserName() {
return userName;
}
public void setUserName(String userName) {
this.userName = userName;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public boolean isActive() {
return active;
}
public void setActive(boolean active) {
this.active = active;
}
public String getRole() {
return role;
}
public void setRole(String role) {
this.role = role;
}
}
安全配置类
package io.javabrains.springsecurity.jpa;
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter{
@Bean
public BCryptPasswordEncoder bCryptPasswordEncoder ()
{
return new BCryptPasswordEncoder();
}
@Autowired
UserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/admin").hasAnyRole("ADMIN")
.antMatchers("/user").hasAnyRole("ADMIN","USER")
.antMatchers("/","/createUser").permitAll()
.and().formLogin();
}
}
解决方法
如果您以这种方式修改代码怎么办:
.antMatchers(HttpMethod.POST,"/createUser").permitAll()
因为默认情况下启用了用于状态更改HTTP动词(例如POST)的CSRF保护。您可以禁用它,也可以在网页中以及随后的HTTP请求中包含CSRF令牌。
,首先是一个不好的做法,尝试将JSON请求映射到实体类。首先,您应该使用DTO类。 首先这样做,看看发生了什么
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。