Java 邮递员403禁止留言
我用restspring制作了一些api。GET request在Postman中工作正常,但当我尝试执行POST request时,收到以下错误:Java 邮递员403禁止留言,java,spring,rest,postman,Java,Spring,Rest,Postman,我用restspring制作了一些api。GET request在Postman中工作正常,但当我尝试执行POST request时,收到以下错误: { "timestamp": "2018-09-25T06:39:27.226+0000", "status": 403, "error": "Forbidden", "message": "Forbidden", "path": "/cidashboard/projects" } 这是我的控制器: @Re
{
"timestamp": "2018-09-25T06:39:27.226+0000",
"status": 403,
"error": "Forbidden",
"message": "Forbidden",
"path": "/cidashboard/projects"
}
@RestController
@RequestMapping(ProjectController.PROJECT_URL)
public class ProjectController {
public static final String PROJECT_URL = "/cidashboard/projects";
private final ProjectService projectService;
public ProjectController(ProjectService projectService) {
this.projectService = projectService;
}
@GetMapping
List<Project> getAllProjects(){
return projectService.findAllProjects();
}
@GetMapping("/{id}")
Project getProjectById(@PathVariable int id) {
return projectService.findProjectById(id);
}
@PostMapping
void addProject(@RequestBody Project newProject) {
projectService.saveProject(newProject);
}
}
使用
@EnableWebSecuritycsrf@Override
protected void configure(HttpSecurity http) throws Exception {
http //other configure params.
.csrf().disable();
}
@PostMapping(consumes = "application/json")
void addProject(@RequestBody Project newProject) {
projectService.saveProject(newProject);
}
你能添加安全配置类代码吗?我猜你的post请求中没有包含CSRF令牌。我添加了,现在我收到了这个错误:415不支持的媒体类型,所以你的建议是让应用程序只在测试时更不安全…不支持的媒体类型关于你的发送类型。哪种类型是从postman JSON或whatelse发送的?@M.Deinum但他忽略了csrf,这意味着他不需要这个令牌。如果他使用,csrf支持是默认的。这意味着他不想使用csrf令牌。这是一个假设。他之所以忽略csrf令牌,很可能是因为他不知道默认情况下启用了csrf保护。尽管如此,给出建议以降低应用程序的安全性始终是一个糟糕的答案(即imho)。
@PostMapping(consumes = "application/json")
void addProject(@RequestBody Project newProject) {
projectService.saveProject(newProject);
}