如何解决 Spring Boot Post 请求中的 403 错误
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/50486314/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to Solve 403 Error in Spring Boot Post Request
提问by Harshal Deshmukh
I am newbie in spring boot rest services. I have developed some rest api in spring boot using maven project.
我是 Spring Boot Rest 服务的新手。我已经使用 maven 项目在 spring boot 中开发了一些 rest api。
I have successfully developed Getand PostApi. My GETMethod working properly in postman and mobile. when i am trying to hit post method from postman its working properly but from mobile its gives 403 forbidden error.
我已经成功开发了Get和PostApi。我的GET方法在邮递员和移动设备中正常工作。当我试图从邮递员那里点击 post 方法时,它工作正常,但从移动设备上它给出了 403 禁止错误。
This is my Configuration:
这是我的配置:
spring.datasource.url = jdbc:mysql://localhost/sampledb?useSSL=false
spring.datasource.username = te
spring.datasource.password = test
spring.jpa.properties.hibernate.dialect= org.hibernate.dialect.MySQL5InnoDBDialect
Hibernate ddl auto (create, create-drop, validate, update)
spring.jpa.hibernate.ddl-auto = update
Please Suggest me how to solve error.
请建议我如何解决错误。
回答by Ezzat Eissa
you have to disable csrf Protection because it is enabled by default in spring security: here you can see code that allow cors origin.
您必须禁用 csrf 保护,因为它在 Spring Security 中默认启用:在这里您可以看到允许 cors 来源的代码。
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter{
@Override
protected void configure(HttpSecurity http) throws Exception{
http.cors().and().csrf().disable();
}
@Bean
CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Arrays.asList("*"));
configuration.setAllowedMethods(Arrays.asList("*"));
configuration.setAllowedHeaders(Arrays.asList("*"));
configuration.setAllowCredentials(true);
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
}
回答by desoss
Possible causes:
可能的原因:
- Requests done from postman are different to the one done from mobile (uri, method, headers)
- Invalid token
- CORS (read something about it, google is full of articles) add @CrossOrigin annotation to your controller.
- mobile app is doing an OPTION request before performing the POST, and you block OPTION requests. If also from postman the OPTION requests are blocked, add the property spring.mvc.dispatch-options-request=true. Moreover, in case you are using spring security, you have to explicitly allow OPTION requests also for it.
- 从邮递员完成的请求与从移动设备完成的请求不同(uri、方法、标题)
- 令牌无效
- CORS(阅读有关它的内容,google 上满是文章)将 @CrossOrigin 注释添加到您的控制器。
- 移动应用程序在执行 POST 之前正在执行 OPTION 请求,而您阻止了 OPTION 请求。如果同样来自邮递员的 OPTION 请求被阻止,请添加属性spring.mvc.dispatch-options-request=true。此外,如果您使用的是 spring security,您还必须明确允许 OPTION 请求。
回答by Stephen Paul
To build on the accepted answer
以公认的答案为基础
Many HTTP client libraries (eg Axios) implicitly set a Content-Type: JSONheader for POST requests. In my case, I forgot to allow that header causing only POSTS to fail.
许多 HTTP 客户端库(例如 Axios)隐式地Content-Type: JSON为 POST 请求设置了一个标头。就我而言,我忘记允许该标头仅导致 POSTS 失败。
@Bean
CorsConfigurationSource corsConfigurationSource() {
...
configuration.addAllowedHeader("Content-Type"); // <- ALLOW THIS HEADER
...
}
