How to Solve 403 Error in Spring Boot Post Request
you have to disable csrf Protection because it is enabled by default in spring security: here you can see code that allow cors origin.
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter{
@Override
protected void configure(HttpSecurity http) throws Exception{
http.cors().and().csrf().disable();
}
@Bean
CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Arrays.asList("*"));
configuration.setAllowedMethods(Arrays.asList("*"));
configuration.setAllowedHeaders(Arrays.asList("*"));
configuration.setAllowCredentials(true);
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
}
403 forbidden when I try to post to my spring api?
@EnableWebSecurity
enables spring security and it by default enables csrf
support, you must disable it in order to prevent 403 errors.
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
}
Or send csrf
token with each request.
Note: disabling csrf
makes application less secure, best thing to do is send csrf
token.
Spring Boot Security module gives 403 error when called by using axios from react but works fine in postman
I think here lies the problem:
http
.csrf().disable().authorizeRequests().antMatchers("/authenticate/")
.permitAll().anyRequest().authenticated()
.and().exceptionHandling().and().sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and().cors().configurationSource(request -> corsConfiguration);
You tell spring to permitAll
requests to the /authenticate/
endpoint, and require authentication for all the other requests. But from the frontend you're making a request to /CRUD/authenticate/
. That's why you get 403, because this path must be authenticated - meaning that the request must already have the Authorization
header. I think it should work if you change the first line to this:
.csrf().disable().authorizeRequests().antMatchers("/CRUD/authenticate/")
Spring Boot 403 forbidden with POST request in Tomcat 9
The problem is with the CORS in my tomcat server.
I have commented below code and it works.
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>http://localhost:9505, http://localhost, www.mydomain.io, http://mydomain.io, mydomain.io</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
Thanks
spring boot return 403 forbidden when POST request with Keyclaok
I guess that's a problem with CSRF
protection that Spring Security
enables by default. Try disabling it in your SecurityConfig
to make sure that's the case.
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
http
.csrf().disable() // <- THIS LINE
.authorizeRequests()
.antMatchers("/**")
.hasRole("user")
.anyRequest()
.authenticated();
}
If that's the reason, I recommend to set up proper CSRF protection, as disabling it is time saving in terms of development, but overall is not a good idea in terms of deploying to production.
Related Topics
@Autowired - No Qualifying Bean of Type Found for Dependency
How to Have Empty Requestparam Values Use the Defaultvalue
Utf-8 Encoding of Application.Properties Attributes in Spring-Boot
Spring Boot Rest API Returns 404
How to Return a Select Query from JPA Repository With Foreign Key Type
How to Prevent Xss Attacks or Untrusted Data in Rest API Json Using Java
How to Remove Line Breaks from a File in Java
Get Requestbody and Responsebody At Handlerinterceptor
Counting Unique Characters in a String
How to Pass External Jar File to Spring Boot Project
How to Format a String Number to Have Commas and Round
Netbeans Tomcat Build Failed - the Module Has Not Been Deployed
Error: Java: Invalid Target Release: 11 - Intellij Idea
Java Classnotfoundexception With Maven Dependency