Swagger POST返回403 Forbidden Spring boot Spring security

Question

Swagger POST返回403 Forbidden Spring boot Spring security

Gus*_*rez 6 java spring spring-security swagger spring-boot

我仅针对 POST 方法请求在 swagger 中收到 403 状态 Forbidden。\n我尝试了所有 spring security cfg 来解决此问题，但仅适用于 GET 方法。\n我正在使用 spring boot、spring security 和 swagger。\n\xc2\xbf有人可以帮我吗？\n这是 swagger cfg：

\n

@Configuration\n@EnableSwagger2\npublic class SwaggerConfig {\n    \n    @Bean\n    public Docket api() {\n        return new Docket(DocumentationType.SWAGGER_2)  \n                .select()                                  \n                .apis(RequestHandlerSelectors.any())              \n                .paths(PathSelectors.any())                          \n                .build();\n    }\n}\n

Run Code Online (Sandbox Code Playgroud)\n

这是 Spring Security cfg：

\n

@Configuration\n@EnableWebSecurity\npublic class SecurityCFG extends WebSecurityConfigurerAdapter{\n    \n    @Bean\n    public PasswordEncoder encoder() {\n        return new BCryptPasswordEncoder();\n    }\n    \n    @Override\n    protected void configure(AuthenticationManagerBuilder auth) throws Exception {\n        PasswordEncoder encoder = encoder();\n        auth\n          .inMemoryAuthentication()\n          .withUser("carlos")\n          .password(encoder.encode("admin123"))\n          .roles("USER")\n          .and()\n          .withUser("carlos2")\n          .password(encoder.encode("admin123"))\n          .roles("USER", "ADMIN");\n    }\n    \n    @Override\n    protected void configure(HttpSecurity http) throws Exception {\n        http\n          .authorizeRequests()\n          .antMatchers(\n                  "/v2/api-docs", \n                  "/swagger-resources/**",  \n                  "/swagger-ui.html", \n                  "/webjars/**" ,\n                   /*Probably not needed*/ "/swagger.json")\n          .permitAll()\n          .anyRequest()\n          .authenticated()\n          .and()\n          .httpBasic();\n    }\n    \n    @Override\n    public void configure(WebSecurity web) throws Exception {\n        web.ignoring().antMatchers("/v2/api-docs/**");\n        web.ignoring().antMatchers("/swagger.json");\n        web.ignoring().antMatchers("/swagger-ui.html");\n        web.ignoring().antMatchers("/swagger-resources/**");\n        web.ignoring().antMatchers("/webjars/**");\n    }\n}\n

Run Code Online (Sandbox Code Playgroud)\n

感谢您的阅读！

\n

Answer 1

oct*_*rot 5

前一周我遇到了类似的问题，这就是我如何工作的，我需要添加比我想象的更多的匹配器，并添加 csrf 禁用，但它似乎工作正常。

@Bean(name="configure")
@Conditional(DevConditional.class)
public SecurityWebFilterChain configureDev(ServerHttpSecurity http) throws Exception {
    return http
            .csrf().disable()
            .authorizeExchange()
            .pathMatchers("/v2/api-docs").permitAll()
            .pathMatchers("/configuration/ui").permitAll()
            .pathMatchers("/swagger-resources/**").permitAll()
            .pathMatchers("/configuration/security").permitAll()
            .pathMatchers("/swagger-ui.html").permitAll()
            .pathMatchers("/swagger-ui/*").permitAll()
            .pathMatchers("/webjars/**").permitAll()
            .pathMatchers("/v2/**").permitAll()
            .and().cors()
            .and().oauth2ResourceServer()
            .jwt().and().and().build();
}

Run Code Online (Sandbox Code Playgroud)

我从以下位置得到了“.csrf().disable()”答案：Spring boot with WebFlux always throw 403 status in test

归档时间：	5 年，2 月前
查看次数：	14016 次
最近记录：	2 年，10 月前