I have added basic authentication in my Rest API. My API is CRUD. I have changed the username and password. When I apply the GET, GET by id parameter and POST, they are working flawlessly but when I call the PUT and DELETE, I get 401 unauthorized. I have checked the username and password for they are correct or no. There is no problem about it. What is the reason about this issue?
pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>3.0.0</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.xyztq</groupId>
<artifactId>TodoApp2</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>TodoApp2</name>
<description>Demo project for Spring Boot</description>
<properties>
<java.version>17</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-mongodb</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<configuration>
<excludes>
<exclude>
<groupId>org.project.lombok</groupId>
<artifactId>lombok</artifactId>
</exclude>
</excludes>
</configuration>
</plugin>
</plugins>
</build>
</project>
SecurityConfiguration class
@Configuration
@EnableWebSecurity
public class SecurityConfiguration {
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception{
http.httpBasic();
http.formLogin();
http.authorizeHttpRequests().requestMatchers("/todos").authenticated().and()
.csrf().ignoringRequestMatchers("/todos")
.and().authorizeHttpRequests().requestMatchers("/todos/{id}").authenticated().and()
.csrf().ignoringRequestMatchers("/todos/{id}");
return http.build();
}
This is my controller
@RestController
@RequestMapping("/todos")
@AllArgsConstructor
public class TodoController {
private final TodoService todoService;
@GetMapping
public ResponseEntity<List<Todo>> getTodos(@RequestParam(required = false) String title){
return new ResponseEntity<>(todoService.getTodos(title), OK);
}
@GetMapping("/{id}")
public ResponseEntity<Todo> getTodo(@PathVariable String id){
return new ResponseEntity<>(todoService.getTodoById(id), OK);
}
@PostMapping
public ResponseEntity<Todo> createTodo(@RequestBody Todo todo){
return new ResponseEntity<>(todoService.createTodo(todo), OK);
}
@PutMapping("/{id}")
public ResponseEntity<Void> updateTodo(@PathVariable String id,@RequestBody Todo todo){
todoService.updateTodo(id,todo);
return new ResponseEntity<>(OK);
}
@PatchMapping("/{id}")
public ResponseEntity<Void> updateDoneTodo(@PathVariable String id,@RequestBody Todo todo){
todoService.patchTodo(id,todo);
return new ResponseEntity<>(OK);
}
@DeleteMapping("/{id}")
public ResponseEntity<Void> deleteTodo(@PathVariable String id){
todoService.deleteTodo(id);
return new ResponseEntity<>(OK);
}
