【问题标题】:403 Bad Request sending a post request from URI with name parameter403 Bad Request 从 URI 发送带有 name 参数的 post 请求
【发布时间】:2022-01-12 09:50:03
【问题描述】:

我在 JWT 身份验证之后过滤了我的发布请求(即使我按照以下代码禁用它)。不确定我是否做错了什么。 URI 请求:localhost:8016/api/v1/VILLA+ITALIA/table 参数:名称

enter image description here

    protected void configure(HttpSecurity http) throws Exception {
        http.httpBasic().disable().formLogin().disable()
              .csrf().ignoringAntMatchers(API_URL_PREFIX, H2_URL_PREFIX)
              .and()
              .headers().frameOptions().sameOrigin() // for H2 Console
              .and()
              .cors()
              .and()
              .authorizeRequests()
              .antMatchers(HttpMethod.GET, RESTAURANT_URL).permitAll()
              .antMatchers(HttpMethod.POST, RESTAURANT_URL).permitAll()
              .antMatchers(HttpMethod.POST, TOKEN_URL).permitAll()
              .antMatchers(HttpMethod.DELETE, TOKEN_URL).permitAll()
              .antMatchers(HttpMethod.POST, SIGNUP_URL).permitAll()
              .antMatchers(HttpMethod.POST, REFRESH_URL).permitAll()
              .antMatchers(HttpMethod.GET, SERVICES_URL).permitAll()
              .antMatchers(HttpMethod.POST, SERVICES_URL).permitAll()
              .antMatchers(HttpMethod.GET, BOOKINGS_URL).permitAll()
              .antMatchers(HttpMethod.POST, BOOKINGS_URL).permitAll()
              .antMatchers(HttpMethod.GET, CUSTOMERS_URL).permitAll()
              .antMatchers(HttpMethod.POST, CUSTOMERS_URL).permitAll()
              .antMatchers(HttpMethod.POST, TABLES_URL).permitAll()
//              .mvcMatchers(HttpMethod.POST, "/api/v1/restaurants**")
//              .hasAuthority(RoleEnum.ADMIN.getAuthority())
              .anyRequest().authenticated()
              .and()
              //.addFilterBefore(new JwtAuthenticationFilter(new JwtManager(), (UserService) userService), UsernamePasswordAuthenticationFilter.class)
//              .oauth2ResourceServer(oauth2ResourceServer -> oauth2ResourceServer.jwt(
//                    jwt -> jwt.jwtAuthenticationConverter(getJwtAuthenticationConverter())))
              .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    } ```

【问题讨论】:

  • 请澄清您的具体问题或提供其他详细信息以准确突出您的需求。正如目前所写的那样,很难准确地说出你在问什么。

标签: spring spring-security


【解决方案1】:

没有与“/api/v1/VILLA+ITALIA/table”url匹配的antMatchers语句。

用下面的句子试试:

 .antMatchers(HttpMethod.GET, "/api/v1/**/table").permitAll()

【讨论】:

  • 我已经修改了uri /api/v1/restaurants/{restName}/table 和 .antMatchers(HttpMethod.POST, ""/api/v1/restaurants").permitAll() 但它赢了不工作
  • 您是否使用了通配符? /api/v1/*/restaurant p.e.
猜你喜欢
  • 2016-05-18
  • 1970-01-01
  • 2018-04-13
  • 2019-10-22
  • 2015-07-22
  • 2020-11-18
  • 2019-12-04
  • 1970-01-01
  • 2016-06-20
相关资源
最近更新 更多