1

I'm new to Spring Boot and currently stuck. I followed this (https://github.com/AppDirect/service-integration-sdk/wiki) Tutorial, as I want to implement an application that integrates itself into AppDirect. In the log I can see that the endpoints get created and mapped:

2018-10-29 16:32:48.898  INFO 8644 --- [           main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/api/v1/integration/processEvent],methods=[GET],produces=[application/json]}" onto public org.springframework.http.ResponseEntity<com.appdirect.sdk.appmarket.events.APIResult> com.appdirect.sdk.appmarket.events.AppmarketEventController.processEvent(javax.servlet.http.HttpServletRequest,java.lang.String)

But when I try to access the endpoint (http://localhost:8080/api/v1/integration/processEvent) with Browser or Http-Requester I get the following response: {timestamp":"2018-10-29T08:50:13.252+0000","status":403,"error":"Forbidden","message":"Access Denied","path":"/api/v1/integration/processEvent"}

My application.yml looks like this:

connector.allowed.credentials: very-secure:password

server:
  use-forward-headers: true
  tomcat:
    remote_ip_header: x-forwarded-for

endpoints:
  enabled: true
  info:
    enabled: true
    sensitive: false
  health:
    enabled: true
    sensitive: false
    time-to-live: 5000

info:
  build:
    name: @project.name@
    description: @project.description@
    version: @project.version@

This is my Application.java:

package de.....;

import java.nio.charset.Charset;
import java.util.Collections;
import java.util.List;

import org.springframework.boot.SpringApplication;
import org.springframework.http.MediaType;
import org.springframework.http.converter.FormHttpMessageConverter;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

public class Application extends WebMvcConfigurerAdapter {
    public static void main(String... args) {
        SpringApplication.run(RootConfiguration.class, args);
    }

    /**
     * Hack to make Spring Boot @Controller annotated classed to recognize the 'x-www-form-urlencoded' media type
     *
     * @param converters
     */
    @Override
    public void configureMessageConverters(List<HttpMessageConverter<?>> converters) {
        FormHttpMessageConverter converter = new FormHttpMessageConverter();
        MediaType mediaType = new MediaType("application", "x-www-form-urlencoded", Charset.forName("UTF-8"));
        converter.setSupportedMediaTypes(Collections.singletonList(mediaType));
        converters.add(converter);
        super.configureMessageConverters(converters);
    }
}

And this is the RootConfiguration.java:

package de.....;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;

import com.appdirect.sdk.ConnectorSdkConfiguration;
import com.appdirect.sdk.appmarket.DeveloperSpecificAppmarketCredentialsSupplier;
import com.appdirect.sdk.credentials.StringBackedCredentialsSupplier;

import de.....;

@Configuration
@Import({
    ConnectorSdkConfiguration.class,
    EventHandlersConfiguration.class
})
@EnableAutoConfiguration
public class RootConfiguration {

    @Bean
    public DeveloperSpecificAppmarketCredentialsSupplier environmentCredentialsSupplier(@Value("${connector.allowed.credentials}") String allowedCredentials) {
        return new StringBackedCredentialsSupplier(allowedCredentials);
    }
}

Any help is appreciated as intensive googleing didn't help. Thanks in advance.

Sebastian Lang
  • 492
  • 1
  • 6
  • 18
  • 3
    You are using Spring Security, right? If so, you should know by default all endpoints are secured, so you must do login in order to make further request to resources. If your intention is not to have the endpoints secured, remove Spring Security from your dependencies. – lealceldeiro Oct 29 '18 at 15:48
  • Thank you for pointing me in the right direction. The following page led to me to my solution, see my own answer below: https://stackoverflow.com/questions/23894010/spring-boot-security-disable-security – Sebastian Lang Oct 30 '18 at 09:01

1 Answers1

1

Adding the following class and registering it in Application.java solved my problem:

package de.......;

import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
@Order(1)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.authorizeRequests().antMatchers("/").permitAll();
    }

}
Sebastian Lang
  • 492
  • 1
  • 6
  • 18