spring boot security + rest not working [closed]

Question

Hello. I have never worked with spring boot before and now I decided to try making a simple spring boot application + security + rest + hibernate + postgreSQL. A snag occurred with access to the rest address of the registration of a new user writes:

"status": 404, "error": "Not Found", "message": "No message available", "path": "/rest/registration/save"

When I turn off spring security, access to the address is carried out without problems.

POM.xml

 <parent> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-parent</artifactId> <version>2.1.2.RELEASE</version> <relativePath/> <!-- lookup parent from repository --> </parent> <dependencies> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-data-jpa</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> <!--<dependency>--> <!--<groupId>org.springframework.security</groupId>--> <!--<artifactId>spring-security-taglibs</artifactId>--> <!--</dependency>--> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <dependency> <groupId>org.postgresql</groupId> <artifactId>postgresql</artifactId> <scope>runtime</scope> </dependency> <dependency> <groupId>org.projectlombok</groupId> <artifactId>lombok</artifactId> <optional>true</optional> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-tomcat</artifactId> <scope>provided</scope> </dependency> <dependency> <groupId>org.apache.tomcat.embed</groupId> <artifactId>tomcat-embed-jasper</artifactId> <scope>provided</scope> </dependency> <dependency> <groupId>javax.servlet</groupId> <artifactId>jstl</artifactId> </dependency> </dependencies>

Springsecurity.java

 @Configuration @EnableWebSecurity(debug=true) @EnableGlobalMethodSecurity(securedEnabled = true) public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired @Qualifier("IUserDetailsService") private UserDetailsService detailsService; @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.inMemoryAuthentication().withUser("user").password("1234").roles("USER"); auth.userDetailsService(detailsService).passwordEncoder(passwordEncoder()); } @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers("/**", "/login/**", "/registration/**").permitAll(); http.authorizeRequests().antMatchers("/admin").access("hasAnyRole('ADMIN')"); http.formLogin() .loginPage("/login") .loginProcessingUrl("/j_spring_security_check") .usernameParameter("j_username") .passwordParameter("j_password") .defaultSuccessUrl("/") .permitAll(); http.logout() .permitAll() .logoutUrl("/logout") .logoutSuccessUrl("/") .invalidateHttpSession(true) .and() .exceptionHandling().accessDeniedPage("/403"); } @Bean public BCryptPasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); } @Bean public AuthenticationManager authenticationManagerBean() throws Exception { return super.authenticationManagerBean(); } }

RegistrationRestController.java

 @RestController @AllArgsConstructor @RequestMapping(value = "/rest/registration") public class RegistrationRestController { private final UsersService usersService; @PostMapping(value = "/save") public void registrationNewUser(@RequestBody Users user) { usersService.saveNewUser(user); } }

Application.java

 @SpringBootApplication public class Application extends SpringBootServletInitializer { @Override protected SpringApplicationBuilder configure(SpringApplicationBuilder springApplicationBuilder) { return springApplicationBuilder.sources(Application.class); } public static void main(String[] args) { SpringApplication.run(Application.class, args); } }

I don’t post all the code because there’s no point in models or repositories and other classes. What may be missing in the application for the normal functioning of the class annotated @RestController?

I do not know whether it will help or not, but Application extends ... and the override method needs to be removed
It is strange that 404 issues, if at least 401 or 403, then this is another matter
I don’t know where you found such a SecurityConfig, but this is clearly from the version of Spring Security 3. Try removing .loginProcessingUrl() , .usernameParameter() and .passwordParameter() .

ONYX ONYX one four · Accepted Answer · 2019-03-02T21:44:01

all solved the problem by adding the following line http.csrf().disable().exceptionHandling(); to the config file SecurityConfig.java

 @Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable().exceptionHandling(); http.authorizeRequests().antMatchers("/**", "/login/**", "/registration/**").permitAll(); http.authorizeRequests().antMatchers("/admin").access("hasAnyRole('ADMIN')"); http.formLogin() .loginPage("/login") .loginProcessingUrl("/j_spring_security_check") .usernameParameter("j_username") .passwordParameter("j_password") .defaultSuccessUrl("/") .permitAll(); http.logout() .permitAll() .logoutUrl("/logout") .logoutSuccessUrl("/") .invalidateHttpSession(true) .and() .exceptionHandling().accessDeniedPage("/403"); }

thanks to all.

spring boot security + rest not working [closed]

Closed due to the fact that off-topic participants are Roman C , LFC , 0xdb , aleksandr barakin , Eugene Krivenja on 6 March at 11:06 .

1 answer 1

More articles: