1 year ago

#252072


Sahil Mankani

Java Spring Boot Security authorization

I'm trying to get a value from my REST API, but for some reason it won't let me get it as an authorized user, although it works when I set the endpoint to permitAll(). I'm receiving a 403 error code.

Backend

        // Stateless policy: Spring Security creates no HTTP session, so every request
        // has to carry its own credentials.
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        
        // Rules registered through authorizeRequests() are checked in declaration order and
        // the first matching pattern decides the request; later rules never see it.
http.authorizeRequests().antMatchers(HttpMethod.GET,"/token/refresh/**").hasAnyAuthority("ROLE_USER");
        // Every GET under /api/user/ needs the exact authority string "ROLE_USER".
        http.authorizeRequests().antMatchers(HttpMethod.GET,"/api/user/**").hasAnyAuthority("ROLE_USER");
        // NOTE(review): every GET path this pattern matches is already matched by
        // "/api/user/**" above, so as ordered this rule appears unreachable.
        // NOTE(review): hasAnyAuthority compares the authority string exactly; "[ROLE_ADMIN]"
        // (with brackets) only matches an authority literally named that. Confirm against
        // the authorities CustomAuthorizationFilter actually sets.
        http.authorizeRequests().antMatchers(HttpMethod.GET,"/api/user/{username}/**").hasAnyAuthority("[ROLE_ADMIN]");
        http.authorizeRequests().antMatchers(HttpMethod.POST,"/api/user/save/**").hasAnyAuthority("ROLE_ADMIN");
        // No HTTP method is given here, so these patterns apply to every method not already
        // decided above: POST /api/user/save/** stays admin-only and GET falls under the
        // "/api/user/**" rule, while the remaining methods on that path are open.
        // NOTE(review): "/api/role/addtouser/**" is reachable without authentication. If it
        // assigns roles, as the path suggests, any caller could grant roles to any account;
        // confirm this is intended and not a leftover from bootstrapping.
        http.authorizeRequests().antMatchers("/api/login/**","/api/user/save/**","/api/role/addtouser/**").permitAll();
        // Anything not matched above only needs an authenticated caller.
        http.authorizeRequests().anyRequest().authenticated();
        http.addFilter(customAuthenticationFilter);
        // Runs ahead of UsernamePasswordAuthenticationFilter. Presumably this filter reads the
        // token and populates the authorities; a 403 (rather than 401) on an authenticated
        // request usually means the caller was recognised but held none of the authorities a
        // rule asked for. Verify what it stores in the SecurityContext.
        http.addFilterBefore(new CustomAuthorizationFilter(), UsernamePasswordAuthenticationFilter.class);
        // HTTP Basic is enabled in addition to the custom filters.
        http.httpBasic();

Front end: this is where the request is being sent.

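/**
 * Requests the id stored for `username` and caches the response under the
 * "id" key of sessionStorage.
 *
 * No error callback is registered, so a failed call (for example a 403) is
 * not handled here and nothing is written to sessionStorage.
 *
 * @param username account name placed in the request path
 */
getUserId(username) {
    // Encode the value so characters such as '/', '?' or '#' in a username cannot
    // change which path the request targets (the backend authorizes by path pattern).
    const userUrl = `http://localhost:8080/api/user/${encodeURIComponent(username)}`;
    this.http.get(userUrl).subscribe(
      resp => {
        // NOTE(review): toString() on a parsed JSON object yields "[object Object]";
        // confirm the endpoint returns a bare number or string.
        // sessionStorage is readable by any script running on this origin.
        sessionStorage.setItem("id", resp.toString())
      }
    )
  }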

Interceptor: this is my interceptor; I think it's adding the token to the header.

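/**
 * Adds a default Content-Type and the stored Authorization value to outgoing
 * HttpClient requests, and sends the user back to the login route when a
 * response comes back with status 401.
 *
 * NOTE(review): the Authorization value is attached to every request that
 * passes through HttpClient, whatever its destination. Restrict it to the
 * API's own origin so the credential is not sent to third-party hosts.
 */
export class HttpInterceptorInterceptor implements HttpInterceptor {

  constructor(private authrnticationService: AuthenticationServiceService, private router:Router) {}

  /**
   * @param req outgoing request; it is cloned, never mutated
   * @param next next handler in the interceptor chain
   * @returns the response stream, with a side effect on 401 errors only
   */
  intercept(req: HttpRequest<any>, next: HttpHandler){
    // NOTE(review): the value is sent exactly as returned, so it must already
    // contain the scheme the backend filter expects; confirm.
    const authToken = this.authrnticationService.getAuthenticatedtoken();

    // Build on the request's own headers. Passing a fresh HttpHeaders to clone()
    // replaced them, which dropped a caller-supplied Content-Type and any other
    // header already set on the request.
    let headers = req.headers;

    if (!headers.has('Content-Type')) {
      // NOTE(review): this default also applies to requests with a JSON body,
      // which would otherwise be labelled application/json; confirm it is wanted.
      headers = headers.set('Content-Type', 'application/x-www-form-urlencoded');
    }

    if (authToken) {
      headers = headers.set('Authorization', authToken);
    }

    const authorizedReq = req.clone({ headers });

    return next.handle(authorizedReq).pipe(tap({
      error: (err: unknown) => {
        // Only 401 ends the session; other statuses, including 403, are left
        // for the caller to handle.
        if (err instanceof HttpErrorResponse && err.status === 401) {
          sessionStorage.clear();
          this.router.navigate(['login']);
        }
      }
    }));
  }
}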

java

angular

frontend

java-security

0 Answers
