Java – Use postman to test the API that enables spring security

I’m developing an application based on Spring Boot + Spring Security. I have used jdbcAuthentication to authenticate users. I also configured a custom login form.

After running the application, I was able to successfully log in and get an API response through a browser, but when I tried to test the API with Postman, I only got an HTML login page as a response. How do I get the required API JSON response?

My Profile:

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        System.out.println("auth manager called");
        auth.jdbcAuthentication()
            .usersByUsernameQuery(usersQuery)
            .authoritiesByUsernameQuery(rolesQuery)
            .dataSource(dataSource)
            .passwordEncoder(noop);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        System.out.println("Http scurity called");
        http.httpBasic()
            .and()
            .authorizeRequests()
            .antMatchers("/").permitAll()
            .antMatchers("/login").permitAll()
            .antMatchers("/registration").permitAll()
            .antMatchers("/admin/**").hasAuthority("ADMIN")
            .antMatchers("/db").hasAuthority("DBA")
            .antMatchers("/user").hasAuthority("USER")
            .anyRequest().authenticated()
            .and().csrf().disable()
            .formLogin()
            .loginPage("/login").failureUrl("/login?error=true")
            .successHandler(customSuccessHandler)
            .usernameParameter("username")
            .passwordParameter("password")
            .and().logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessUrl("/")
            .and().exceptionHandling()
            .accessDeniedPage("/access-denied");
    }

My Controller file:

    @RequestMapping(value = { "/", "/login" }, method = RequestMethod.GET)
    public ModelAndView login() {
        System.out.println("/login called");
        ModelAndView modelAndView = new ModelAndView();
        modelAndView.setViewName("login");
        return modelAndView;
    }

    @RequestMapping(value = "/admin", method = RequestMethod.GET, produces = { "application/json" })
    public UserUniconnect home(HttpServletRequest request, HttpServletResponse response) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        String currentUser = null;
        if (!(auth instanceof AnonymousAuthenticationToken)) {
            currentUser = auth.getName();
        }

        User user1 = (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        user1.getAuthorities();
        System.out.println("++++++++++++++++++++++++++++++");
        System.out.println(request == null);
        Users u = (Users) request.getSession(false).getAttribute("user");
        Uniconnect uni = (Uniconnect) request.getSession(false).getAttribute("uniconnect");
        UserUniconnect uu = new UserUniconnect();
        uu.setUser(u);
        uu.setUniconnect(uni);

        return uu;
    }

I’m returning a Java object as a response that Spring Boot is able to convert to JSON format.

Solution

Setting basic authentication parameters in Postman may help:
[Screenshot: Basic Auth settings in Postman]

You will most likely need to get the session ID from the cookie after manually logging in using your browser, and then provide this cookie to Postman:

[Screenshot: JSESSIONID cookie]

How you get cookies from your browser varies from browser to browser, but both Chrome and Firefox have developer utilities built in, so this shouldn’t be a problem.
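
An added illustration, not part of the original answer and written in Python rather than Postman, of the two options above: the same GET /admin sent with no credentials, with a Basic Authorization header, and with a JSESSIONID cookie. The stub server, credentials and session id are constructed stand-ins that imitate the behaviour the question describes; to test a real application, point probe() at its base URL.

```python
import base64, threading, urllib.parse, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample values, not taken from the page.
USER, PASSWORD, SESSION_ID = "admin", "secret", "0123ABCD"
BASIC = "Basic " + base64.b64encode(f"{USER}:{PASSWORD}".encode()).decode()

class StubApp(BaseHTTPRequestHandler):
    """Hypothetical stand-in for the app: /admin is protected, /login is the HTML form."""
    def do_GET(self):
        authed = (self.headers.get("Authorization") == BASIC
                  or f"JSESSIONID={SESSION_ID}" in self.headers.get("Cookie", ""))
        if self.path == "/login":
            self._send(200, "text/html", b"<form method='post' action='/login'></form>")
        elif authed:
            self._send(200, "application/json", b'{"user": "admin"}')
        else:  # form login answers with a redirect to the login page, not a 401
            self.send_response(302)
            self.send_header("Location", "/login")
            self.end_headers()
    def _send(self, status, ctype, body):
        self.send_response(status)
        self.send_header("Content-Type", ctype)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args): pass  # silence per-request logging

def probe(base_url, headers=None):
    """GET /admin following redirects, as Postman does; return (final path, content type)."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    req = urllib.request.Request(base_url + "/admin", headers=headers or {})
    with opener.open(req, timeout=5) as resp:
        return urllib.parse.urlsplit(resp.geturl()).path, resp.headers.get_content_type()

def run_demo():
    server = HTTPServer(("127.0.0.1", 0), StubApp)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    try:
        return {"no credentials": probe(base),
                "basic auth": probe(base, {"Authorization": BASIC}),
                "session cookie": probe(base, {"Cookie": "JSESSIONID=" + SESSION_ID})}
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(run_demo())
```

A final path of /login with content type text/html is the symptom from the question: the client followed the redirect and received the login form instead of the JSON body.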
