Issue
I have been struggling on this issue for 2 days. I have a simple Springboot application with spring security. When I tested my controller using Swagger and Postman, there is no issue. However, when I call the same endpoint from my front-end app, it throws the error below
2022-10-07T21:43:51.991+0800 DEBUG http-nio-8080-exec-1 (FilterChainProxy.java:323) - Secured OPTIONS /category/all 2022-10-07T21:43:51.993+0800 DEBUG http-nio-8080-exec-1 (LogFormatUtils.java:119) - OPTIONS "/category/all", parameters={} 2022-10-07T21:43:51.995+0800 DEBUG http-nio-8080-exec-1 (PropertySourcedRequestMappingHandlerMapping.java:108) - looking up handler for path: /category/all 2022-10-07T21:43:51.998+0800 DEBUG http-nio-8080-exec-1 (AbstractHandlerMapping.java:522) - Mapped to com.edar.sales.be.controller.CategoryController#getAllCategories() 2022-10-07T21:43:52.002+0800 DEBUG http-nio-8080-exec-1 (OpenEntityManagerInViewInterceptor.java:86) - Opening JPA EntityManager in OpenEntityManagerInViewInterceptor 2022-10-07T21:43:52.015+0800 DEBUG http-nio-8080-exec-1 (HttpSessionSecurityContextRepository.java:346) - Did not store anonymous SecurityContext 2022-10-07T21:43:52.018+0800 DEBUG http-nio-8080-exec-1 (OpenEntityManagerInViewInterceptor.java:111) - Closing JPA EntityManager in OpenEntityManagerInViewInterceptor 2022-10-07T21:43:52.019+0800 DEBUG http-nio-8080-exec-1 (FrameworkServlet.java:1131) - Completed 403 FORBIDDEN
This is my Controller Class
package com.edar.sales.be.controller;
import java.lang.reflect.InvocationTargetException;
import java.util.ArrayList;
import java.util.List;
import org.apache.commons.beanutils.BeanUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PatchMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;
import com.edar.sales.be.dto.CategoryDTO;
import com.edar.sales.be.entity.Category;
import com.edar.sales.be.service.CategoryService;
import com.google.gson.Gson;
@RestController(value = "category/")
public class CategoryController {
private static final Logger LOG = LoggerFactory.getLogger(CategoryController.class);
private static final Gson GSON = new Gson();
@Autowired
CategoryService categoryService;
@GetMapping(value = "category/all")
public List<CategoryDTO> getAllCategories() throws IllegalAccessException, InvocationTargetException {
List<CategoryDTO> retval = new ArrayList<>();
List<Category> categories = categoryService.getAllCategories();
for (Category category : categories) {
CategoryDTO categoryDTO = new CategoryDTO();
BeanUtils.copyProperties(categoryDTO, category);
retval.add(categoryDTO);
}
return retval;
}
@GetMapping(value = "category/{id}")
public CategoryDTO getCategoryById(@PathVariable("id") long id) throws IllegalAccessException, InvocationTargetException {
CategoryDTO categoryDTO = new CategoryDTO();
BeanUtils.copyProperties(categoryDTO, categoryService.getCategoryById(id));
return categoryDTO;
}
@PostMapping(value = "category/delete/{id}")
public void deleteCategoryById(@PathVariable("id") Long id) {
categoryService.deleteCategoryById(id);
}
@PostMapping(value = "category/add")
public void addCategory(@RequestBody Category category) {
LOG.debug("Adding category : {}", GSON.toJson(category));
categoryService.addCategory(category);
}
@PatchMapping(value = "category/update")
public void updateCategory(@RequestBody Category category) {
LOG.debug("Updating category : {}", GSON.toJson(category));
categoryService.addCategory(category);
}
}
And this is my SecurityConfig
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().authorizeRequests().antMatchers("**").permitAll();
}
}
Solution
Try using this and also use SecurityFilterChain for spring security because WebSecurityConfigurerAdapter is deprecated.
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests().antMatchers("/**").permitAll()
.and
.httpBasic();
}
}
Answered By - Sandeep Kumar Nat
Answer Checked By - Robin (JavaFixing Admin)