时间戳

首页 > 解决方案 > Swagger POST return 403 Forbidden Spring boot Spring security

java - Swagger POST return 403 Forbidden Spring boot Spring security

问题描述

我仅在 POST 方法请求中大摇大摆地获得 403 状态 Forbidden。我尝试了所有 spring security cfg 来解决这个问题,但只适用于 GET 方法。我正在使用弹簧靴、弹簧安全和招摇。¿ 有人可以帮助我吗?这是招摇的cfg:

@Configuration
@EnableSwagger2
public class SwaggerConfig {
    
    @Bean
    public Docket api() {
        return new Docket(DocumentationType.SWAGGER_2)  
                .select()                                  
                .apis(RequestHandlerSelectors.any())              
                .paths(PathSelectors.any())                          
                .build();
    }
}

这是spring security cfg:

@Configuration
@EnableWebSecurity
public class SecurityCFG extends WebSecurityConfigurerAdapter{
    
    @Bean
    public PasswordEncoder encoder() {
        return new BCryptPasswordEncoder();
    }
    
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        PasswordEncoder encoder = encoder();
        auth
          .inMemoryAuthentication()
          .withUser("carlos")
          .password(encoder.encode("admin123"))
          .roles("USER")
          .and()
          .withUser("carlos2")
          .password(encoder.encode("admin123"))
          .roles("USER", "ADMIN");
    }
    
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
          .authorizeRequests()
          .antMatchers(
                  "/v2/api-docs", 
                  "/swagger-resources/**",  
                  "/swagger-ui.html", 
                  "/webjars/**" ,
                   /*Probably not needed*/ "/swagger.json")
          .permitAll()
          .anyRequest()
          .authenticated()
          .and()
          .httpBasic();
    }
    
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/v2/api-docs/**");
        web.ignoring().antMatchers("/swagger.json");
        web.ignoring().antMatchers("/swagger-ui.html");
        web.ignoring().antMatchers("/swagger-resources/**");
        web.ignoring().antMatchers("/webjars/**");
    }
}

感谢阅读!

标签: javaspringspring-bootspring-securityswagger

解决方案

前一周我遇到了类似的问题,这就是我让我的工作的方式,我需要添加比我想象的更多的匹配器并添加 csrf 禁用,但它似乎工作正常。

@Bean(name="configure")
@Conditional(DevConditional.class)
public SecurityWebFilterChain configureDev(ServerHttpSecurity http) throws Exception {
    return http
            .csrf().disable()
            .authorizeExchange()
            .pathMatchers("/v2/api-docs").permitAll()
            .pathMatchers("/configuration/ui").permitAll()
            .pathMatchers("/swagger-resources/**").permitAll()
            .pathMatchers("/configuration/security").permitAll()
            .pathMatchers("/swagger-ui.html").permitAll()
            .pathMatchers("/swagger-ui/*").permitAll()
            .pathMatchers("/webjars/**").permitAll()
            .pathMatchers("/v2/**").permitAll()
            .and().cors()
            .and().oauth2ResourceServer()
            .jwt().and().and().build();
}

我得到了这个“.csrf().disable()”的答案:Spring boot with WebFlux always throw 403 status in testing

推荐阅读