I’m creating a simple project in Spring Boot, but im having some difficulty in creating this POST Request.
Basically every time i try it gives me the 403 error (the payload is correct only the status is giving me error saying its down since i “don’t have permition to access”). I’ve even tried to do .permitAll() but it still doesn’t work.
Fig. 1 – Error Messages
Some code:
# **I have the following js code:**
// Creates a new event
const newEvent = {
id: null,
title: title,
start: start,
end: end,
allDay: allDay,
backgroundColor: backgroundColor,
textColor: textColor,
extendedProps: {
description: description,
creator: creator
}
};
// sends event to backend
fetch('/api/events/add', {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify(newEvent)
})
.then(response => {
if (!response.ok) {
throw new Error('Error saving the event.');
}
return response.json();
})
.then(data => {
// Add the event to the calendar
newEvent.id = data.id;
gereralCalendar.addEvent(newEvent);
personalCalendar.addEvent(newEvent);
})
.catch(error => {
console.error('Error:', error);
});
# **I also have the following Controller:**
@RestController
@RequestMapping("/api/events")
public class EventRestController {
@Autowired
EventService eventService;
@Autowired
UserService userService;
@GetMapping("/all")
public List<EventDto> getAllEvents() {
return eventService.findAllEvents();
}
@GetMapping("/personal")
public List<EventDto> getPersonalEvents(Principal principal) {
return eventService.findEventsUser(principal.getName());
}
@PostMapping("/add")
public ResponseEntity<Event> createEvent(@RequestBody EventDto eventDto) {
Event savedEvent = eventService.saveEvent(eventDto);
return ResponseEntity.ok(savedEvent);
}
}
# **class:**
@Getter
@Setter
public class EventDto {
private int id;
private String title;
private Boolean allDay;
private LocalDateTime start;
private LocalDateTime end;
private String backgroundColor;
private String textColor;
private ExtendedProps extendedProps;
@Getter
@Setter
public static class ExtendedProps {
private String description;
private String creator;
// Constructors
}
// Constructors
}
# **and finally the following Spring Security configuration:**
I HAVE TWO ROLES -> USER and ADMIN -> hierarchy = "ROLE_ADMIN > ROLE_USER"
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
.authorizeHttpRequests((authorize) ->
authorize
.requestMatchers("/").permitAll() // nothing
.requestMatchers("/index").permitAll() // index.html
.requestMatchers("/home").hasRole("USER") // home.html
.requestMatchers("/calendar").hasRole("USER") // events_calendar.html
.requestMatchers("/register/**").hasRole("ADMIN") // register.html
.requestMatchers("/api/events/all").hasRole("USER") // GET API
.requestMatchers("/api/events/personal").hasRole("USER") // GET API
.requestMatchers("/api/events/add").hasRole("USER") // POST API
)
.formLogin(
form -> form
.loginPage("/login")
.loginProcessingUrl("/login")
.defaultSuccessUrl("/home") // home.html
.permitAll()
)
.logout(
logout -> logout
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.permitAll()
);
return http.build();
}
I’ve tried modifying the POST js code, also giving everyone the permition to access it but it still doesn’t work.
Im expeting to send the newEvent to the backend and then save it in a data base.
New contributor
Diogo Freire is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.