Spring boot - return 403 Forbidden instead of redirect to login page

java spring spring-mvc spring-security spring-boot
11,110

This is a community Answer:

Problem:

Forbidden urls were returning the login page content (instead of a 403 status code).

I Had this code:

...
http.authorizeRequests().antMatchers("/uri/**").hasAuthority("SOME_ROLE");

Changed with Tong's suggestion:

...
http.exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint());
http.authorizeRequests().antMatchers("/uri/**").hasAuthority("SOME_ROLE");
Share:
11,110
alexanoid
Author by

alexanoid

Updated on June 22, 2022

Comments

  • alexanoid
    alexanoid almost 2 years

    In Spring Boot web application I have a following security configuration:

    @Override
public void configure(HttpSecurity http) throws Exception {
    // @formatter:off   
    http
        .headers().frameOptions().disable()
        .and()
            .antMatcher("/**").authorizeRequests()
            .antMatchers("/actuator/health").permitAll()
            .antMatchers("/actuator/**").hasAuthority(Authority.Type.ROLE_ADMIN.getName())
            .antMatchers("/login/**").permitAll()
            .anyRequest().authenticated()
        .and()
            .formLogin()
                .loginPage("/login")
                .loginProcessingUrl("/login")
                .failureUrl("/login?error").permitAll()
        .and()
            .logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessUrl("/login?logout")
        .and()
            .csrf().csrfTokenRepository(csrfTokenRepository())
        .and()
            .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class)
            .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
    // @formatter:on
}

    Right now, when I'm trying to access for example following url: /api/v1.0/user it redirects me to /api/login page.

    How to configure this in order to return 403 Forbidden instead of redirect to login page ?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

how to achieve Ldap Authentication using spring security(spring boot)
Spring security 401 Unauthorized even with permitAll
Java Spring Security - User.withDefaultPasswordEncoder() is deprecated?
Spring Boot Security Anonymous authorization
Java + Spring Boot: I am trying to add CacheControl header to ResponseEntity
Spring Security/Spring Boot - How to set ROLES for users
How to disable csrf in Spring using application.properties?
Disable Spring Security config class for @WebMvcTest in Spring Boot
Spring Security HTTP Basic for RESTFul and FormLogin (Cookies) for web - Annotations
How to enable HTTP response caching in Spring Boot