Spring Security with default security gives 401 for PUT and 200 for GET

Others 2022-04-28 15:36:22 views: 0
thatgirlwhocodes :

I developed a spring boot application with basic security. I have two endpoints with same path and different http methods. When I include basic security with default password/with password given in application.yml, the GET api/products/{id} is authenticated and PUT api/products/{id} gives 401 unauthorized.

What is the issue with my code? Did I miss anything understanding the Spring security? Any links which I may have missed for spring security will be helpful?

My code snippets are as below,

My controller 

@RestController
@RequestMapping(value = "api")
public class ProductController {

    @RequestMapping(value = "/products/{id}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
    public ResponseEntity<Object> getById(@PathVariable(value = "id") Integer id) {
           //Implementation

    }

    @RequestMapping(value = "/products/{id}", method = RequestMethod.PUT, consumes = MediaType.APPLICATION_JSON_VALUE)
    public ResponseEntity updateById(@PathVariable(value = "id") Integer id,
                                                                   @RequestBody UpdateProductRequest updateProductRequest) {
        //Implementation
    }
}

application.yml

spring:
  security:
    user:
      name: admin
      password: admin

build.gradle dependencies

dependencies {
    implementation 'org.springframework.boot:spring-boot-starter-web'
    implementation 'org.springframework.boot:spring-boot-starter-security'
    compile group: 'org.springframework.cloud', name: 'spring-cloud-starter-openfeign', version: '2.2.0.RELEASE'
    implementation 'org.springframework.boot:spring-boot-starter-data-mongodb'

    compileOnly 'org.projectlombok:lombok'
    developmentOnly 'org.springframework.boot:spring-boot-devtools'
    annotationProcessor 'org.projectlombok:lombok'
    testImplementation('org.springframework.boot:spring-boot-starter-test') {
        exclude group: 'org.junit.vintage', module: 'junit-vintage-engine'
    }
    implementation 'junit:junit:4.12'
}

Thanks in advance

Updated with the postman screenshots: enter image description hereenter image description here

CodeWalter :

This might be a Csrf configuration issue.

You have to override WebSecurityConfigurerAdapter

Try this..

@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable();
    http.cors();
    http.authorizeRequests().anyRequest().fullyAuthenticated();
    http.httpBasic();
  }
}

Guess you like

Origin http://43.154.161.224:23101/article/api/json?id=355720&siteId=1
Recommended
The number of MaxKB GitHub Stars, an open source knowledge base question and answer system based on large language models, exceeded 5,000!
Ranking
Getting the basic concepts of ROS + catkin Profile
Spring Learning (2) --- Assembling Beans in the IoC Container
js to get the src attribute of the image regularly
STM32 is based on CubeIDE and HAL library basics entry study notes: Bluetooth WIFI STM32 connects to Alibaba Cloud
Short video learning - 3, pandas simple use of pivot_table
Print directory of project configuration log, output log
Understand the difference between vi and vim in Linux in 3 minutes
1 + x certificate Web front-end development HTML5 special exercises
mangodb save and insert the difference
7-1 Family tree processing (50 points) (binary tree solution)
Daily
More
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)

Code World

© 2018 codetd.com