spring-security returns 401 despite authorizeRequests().anyRequest().permitAll()
You're almost there. It's an easy fix - the javadoc of @EnableResourceServer provides the answer:
Users should add this annotation and provide a @Bean of type
ResourceServerConfigurer (e.g. via ResourceServerConfigurerAdapter)
that specifies the details of the resource (URL paths and resource
id).
You're using a WebSecurityConfigurerAdapter
however. Just change it to ResourceServerConfigurerAdapter
and enhance the visibility of configure
:
@EnableResourceServer
public static class SecurityConfig extends ResourceServerConfigurerAdapter implements JwtAccessTokenConverterConfigurer {
// snip
@Override
public void configure(final HttpSecurity http) throws Exception {
http.csrf().disable();
http.authorizeRequests().anyRequest().permitAll();
}
// snip
Spring Security's permitAll Unauthorized
The solution is to ignore HttpMethod.GET
, so all urls with the get method will be ignored.
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring()
.antMatchers(HttpMethod.GET)
.antMatchers("/favicon.ico", "/", "/index.html", "/registrar",
"/autenticar", "/app/**");
}
Spring Security - 401 Unauthorized access
I see that you are not updating the SecurityContextHolder
. Unable to put it in a comment, so I wrote it here.
authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpServletRequest))
SecurityContextHolder.getContext().setAuthentication(authentication); //this seems missing
No primary or default constructor found for interface java.util.List Rest API Spring boot
I don't understand what is the issue you are facing, but i can see an error straight away so guessing that is the issue you are facing, i am going to give you a solution.
Create a class which matches your json data structure like this :
Class PlanetData {
private String name;
private List<Planet> artifacts;
public PlanetData(String name, List<Planet> artifacts){
name = name;
artifacts = artifacts;
}
// include rest of getters and setters here.
}
Then your controller should look like this. Basically you needed to put @RequestBody
to all the parameters you want to recieve from request JSON. Earlier you only put @RequestBody
to name parameter not artifact parameter and since Request Body can be consumed only once, so you need a wrapper class to recieve the complete request body using single @RequestBody
annotation.
@RequestMapping("/create")
public String create(@RequestBody PlanetData data) {
Planet mars = planetService.create(data.getName(),data.getArtifacts());
return mars.toString();
}
Edit : Looking at the Planet class, it also needs some modification
public class Planet {
private String typeName; // key in json should match variable name for proper deserialization or you need to use some jackson annotation to map your json key to your variable name.
private List<Element> elements;
public Planet() {}
public Planet(String typeName, List<Element> elements)
{
this.typeName = typeName;
this.elements = elements;
}
//setters and getters. Remember to change your setters and getter from name to typeName.
}
Hope this solves your issue.
Related Topics
How to Post Data in an Array in Android Using Retrofit 2
How to Create Multiple Objects Through Loops in Java
Selecting Specific Rows from Sqlite Database-Android-Sqlite Database
Selenium Web Driver: Cannot Be Scrolled into View
How to Efficiently Return the Max Possible Integer With a Given Number of Digits
Convert to Int from String of Numbers Having Comma
Mailconnectexception: Couldn't Connect to Host, Port: Smtp.Sendgrid.Net
How to Increment a Variable to the Next or Previous Letter in the Alphabet
Get Enum Values as List of String in Java 8
How to Read a File, Reverse the Order, and Write Reverse Order
A Better Way to Convert Integer (May Be Null) to Int in Java
Java Syntax Error on Token.... Identifier Expected After This Token
Checking If a String Contains a Dot
How to Subtract Number of Days from Current Date in Hql Query
Spring Jpa/Hibernate Transaction Force Insert Instead of Update