-
-
Notifications
You must be signed in to change notification settings - Fork 464
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Completed 403 FORBIDDEN in spring-reactive-sample-boot-data-mongo when doing post #7
Comments
Here is my call just for your information: CSRF Token has been associated to this clientDiegos-MBP:engine-monitor-speedman-enterprise Diego$ curl -v -X POST http://localhost:8080/posts -u "admin:admin123" -H "Content-Type:application/json" -d "{\ My Post"}"y Post","content":"content of
|
Hi Hantsy return http This is my UserDetailRepository: @bean and this is my curl call: curl -v -X POST http://localhost:8080/posts -u "admin:admin123" -H "Content-Type:application/json" -d "{"title":"My Post","content":"content of My Post"}" This is my response: Diegos-MBP:engine-monitor-speedman-enterprise Diego$ curl -v -X POST http://localhost:8080/posts -u "admin:admin123" -H "Content-Type:application/json" -d "{"title":"My Post","content":"content of My Post"}"
|
Hi Hantsy I think I finally make it work in my local, I had to add not only .csrf().disable() but also this .httpBasic(), here is my SecurityConfig file: `package com.example.demo; import org.springframework.context.annotation.Bean; import reactor.core.publisher.Mono; @EnableWebFluxSecurity
} ` Any suggestion about it is more than welcome, thanks a lot ! |
@darmandovargas3 Yes, the newest Spring Security reactive added CSRF support. I will review the relative codes. |
* fixed a typo error * Upgraded Spring Boot to 2.0.3 * Fix typo * mongo transaction sample. * added Mongo cluster docker compose yml file. * updated the mongo init scripts. * added initdb user and password to initialize scripts in Mongo. * added redis messaging. * upgraded Spring Boot 2.1.0.RC1 * fixed tests in vanilla. * clean codes. * init codes of Spring Data R2DBC * added postgres db in docker-compose.yml * fixed Repository bean discovery issue. * added subscribe to the stream * added init.sql into docker. * Upgrade to Spring Boot 2.1.0.RELEASE * fixed hantsy#7 * added @DataMongoTest example.
Hi dear Hantsy
Before all I want to thank you for this awesome collection of samples.
I'm working on the spring-reactive-sample-boot-data-mongo, my problem is with something I guess beyond the authentication, I know you have a portion of your documentation about it (https://github.com/hantsy/spring-reactive-sample#security-for-webflux) the thing is that no mater if I use your same curl with username and password of you sample, I always get this result in postman:
CSRF Token has been associated to this client
and in the backend I got this:
2018-11-21 22:07:28.968 DEBUG 46190 --- [ctor-http-nio-1] o.s.w.s.adapter.HttpWebHandlerAdapter : [feb8e527] HTTP POST "/posts"
2018-11-21 22:07:28.974 DEBUG 46190 --- [ctor-http-nio-1] o.s.w.s.adapter.HttpWebHandlerAdapter : [feb8e527] Completed 403 FORBIDDEN
2018-11-21 22:07:39.423 DEBUG 46190 --- [ctor-http-nio-1] o.s.w.s.adapter.HttpWebHandlerAdapter : [feb8e527] HTTP DELETE "/posts/5bf616be20058db33b1939ad"
2018-11-21 22:07:39.425 DEBUG 46190 --- [ctor-http-nio-1] o.s.w.s.adapter.HttpWebHandlerAdapter : [feb8e527] Completed 403 FORBIDDEN
a bunch of Completed 403 FORBIDDEN messages, do you have an idea what is it ?
Thanks a lot for you time
Best Regards
Diego Vargas
The text was updated successfully, but these errors were encountered: