java - POST 端点问题

标签 java spring-boot

我使用 Spring Boot 创建了与以下代码相关的 post 端点:

@PostMapping("/users/")
ResponseEntity<String> registerUser(@RequestBody JSONObject user) {
    System.out.println("registerUser method triggered");
    return userRegistrationResponseGenrator.generateResponse((userRegistrator.registerUser(user)));
}

当我使用与下面相关的代码测试端点时

registrationPath =  String.format("http://localhost:%s/users/", port);

    @Test
    public void registerUserTest() {
        restTemplate.postForObject(registrationPath, validUserJSONObject, RequestEntity.class);

    }

我遇到异常

org.springframework.web.client.HttpClientErrorException$Forbidden: 403 null

如何解决这个问题?

编辑:

我遵循了评论中发布的想法,下面是与案例相关的日志

2018-11-26 19:43:35.110  INFO 5208 --- [o-auto-1-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring DispatcherServlet 'dispatcherServlet'
2018-11-26 19:43:35.110  INFO 5208 --- [o-auto-1-exec-1] o.s.web.servlet.DispatcherServlet        : Initializing Servlet 'dispatcherServlet'
2018-11-26 19:43:35.152  INFO 5208 --- [o-auto-1-exec-1] o.s.web.servlet.DispatcherServlet        : Completed initialization in 42 ms
2018-11-26 19:43:35.171 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy        : /users at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2018-11-26 19:43:35.173 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy        : /users at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2018-11-26 19:43:35.174 DEBUG 5208 --- [o-auto-1-exec-1] w.c.HttpSessionSecurityContextRepository : No HttpSession currently exists
2018-11-26 19:43:35.174 DEBUG 5208 --- [o-auto-1-exec-1] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: null. A new one will be created.
2018-11-26 19:43:35.177 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy        : /users at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2018-11-26 19:43:35.178 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy        : /users at position 4 of 11 in additional filter chain; firing Filter: 'CsrfFilter'
2018-11-26 19:43:35.387  WARN 5208 --- [o-auto-1-exec-1] o.a.c.util.SessionIdGeneratorBase        : Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [200] milliseconds.
2018-11-26 19:43:35.392 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.csrf.CsrfFilter         : Invalid CSRF token found for http://localhost:25012/users
2018-11-26 19:43:35.392 DEBUG 5208 --- [o-auto-1-exec-1] o.s.s.w.header.writers.HstsHeaderWriter  : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@377d8162
2018-11-26 19:43:35.393 DEBUG 5208 --- [o-auto-1-exec-1] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2018-11-26 19:43:35.395 DEBUG 5208 --- [o-auto-1-exec-1] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2018-11-26 19:43:35.401 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy        : /error at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2018-11-26 19:43:35.401 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy        : /error at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2018-11-26 19:43:35.402 DEBUG 5208 --- [o-auto-1-exec-1] w.c.HttpSessionSecurityContextRepository : HttpSession returned null object for SPRING_SECURITY_CONTEXT
2018-11-26 19:43:35.402 DEBUG 5208 --- [o-auto-1-exec-1] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@161e14b7. A new one will be created.
2018-11-26 19:43:35.402 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy        : /error at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2018-11-26 19:43:35.402 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy        : /error at position 4 of 11 in additional filter chain; firing Filter: 'CsrfFilter'
2018-11-26 19:43:35.402 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy        : /error at position 5 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
2018-11-26 19:43:35.403 DEBUG 5208 --- [o-auto-1-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/error'; against '/logout'
2018-11-26 19:43:35.403 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy        : /error at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2018-11-26 19:43:35.403 DEBUG 5208 --- [o-auto-1-exec-1] o.s.s.w.s.HttpSessionRequestCache        : saved request doesn't match
2018-11-26 19:43:35.403 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy        : /error at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2018-11-26 19:43:35.405 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy        : /error at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2018-11-26 19:43:35.408 DEBUG 5208 --- [o-auto-1-exec-1] o.s.s.w.a.AnonymousAuthenticationFilter  : Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9de06e39: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: CF6283DA974F144F52398E23C94462E1; Granted Authorities: ROLE_ANONYMOUS'
2018-11-26 19:43:35.408 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy        : /error at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
2018-11-26 19:43:35.408 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy        : /error at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2018-11-26 19:43:35.408 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy        : /error at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2018-11-26 19:43:35.409 DEBUG 5208 --- [o-auto-1-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/error'; against '/'
2018-11-26 19:43:35.410 DEBUG 5208 --- [o-auto-1-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/error'; against '/users'
2018-11-26 19:43:35.410 DEBUG 5208 --- [o-auto-1-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor    : Public object - authentication not attempted
2018-11-26 19:43:35.411 DEBUG 5208 --- [o-auto-1-exec-1] o.s.security.web.FilterChainProxy        : /error reached end of additional filter chain; proceeding with original chain
2018-11-26 19:43:35.481 DEBUG 5208 --- [o-auto-1-exec-1] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2018-11-26 19:43:35.490 DEBUG 5208 --- [o-auto-1-exec-1] o.s.s.w.a.ExceptionTranslationFilter     : Chain processed normally
2018-11-26 19:43:35.490 DEBUG 5208 --- [o-auto-1-exec-1] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2018-11-26 19:43:35.527  INFO 5208 --- [       Thread-2] o.s.s.concurrent.ThreadPoolTaskExecutor  : Shutting down ExecutorService 'applicationTaskExecutor'
2018-11-26 19:43:35.541  INFO 5208 --- [       Thread-2] j.LocalContainerEntityManagerFactoryBean : Closing JPA EntityManagerFactory for persistence unit 'default'
2018-11-26 19:43:35.547  INFO 5208 --- [       Thread-2] com.zaxxer.hikari.HikariDataSource       : HikariPool-1 - Shutdown initiated...
2018-11-26 19:43:35.583  INFO 5208 --- [       Thread-2] com.zaxxer.hikari.HikariDataSource       : HikariPool-1 - Shutdown completed.

最佳答案

如果您的类路径上有 Spring Security,它会默认关闭所有具有默认用户的资源。为了访问任何资源,无论您使用什么 HTTP 动词,您都必须进行身份验证。发生异常是因为您没有提供所需的凭据。您有多种选项可以修复此异常。

首先也是最简单的,从您的项目中删除 Spring Security。

如果您想要访问您的资源,同时保留保护某些资源的能力,则需要通过创建扩展 org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter 的 bean 来忽略为这些资源建立的默认安全性。 。然后,覆盖其 protected void configure(HttpSecurity http) throws Exception方法。

例如

http.authorizeRequests()
.antMatchers("/your_path_1/**").permitAll()
.antMatchers("/your_path_2/example").permitAll()
// Disallow everything else..
.anyRequest().authenticated();

如果您不想这样做 - 您可以仅使用用户“user”自动生成的密码,以便在一个 session 的生命周期内访问安全端点,然后您必须重新登录。当您启动应用程序时,它会打印在日志中。

注意: 如需进一步引用,请查看Spring Boot Security Reference .

关于java - POST 端点问题,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/53485017/

上一篇:java - 如果字符串包含 get getContents (JXL)

下一篇:java - 如何配置 Lagom 框架以与 CORS 配合使用?

相关文章:

java - 默认情况下,Jackson 反序列化器是如何工作的

java - 安卓全屏摄像头

spring-boot - Debug模式下的 Spring Boot 日志不使用 log4j starter 打印

java - 通过 Spring data.sql 文件生成示例数据库数据

java - 无法从 bootstrap.yml 读取配置服务器 uri

java - Hibernate @ManyToOne 调用自身

java - 简单的文本聊天应用程序

java - MapReduce canopy 聚类中心

java - 编译错误: '.class' expected

java - 编译Java项目时出错

©2024 IT工具网  联系我们