Sending POST request by curl command

I have a problem with sending a POST request by curl command.

    @RequestMapping(value = "/abc/def/{parameter}/enum", method = RequestMethod.POST)
    public ResponseEntity<classA> function(@PathVariable(value = "parameter") int parameter, @RequestBody String parameter2) {
        a = list.get(parameter);
        a.setParameter(enumA.getValue(parameter2));
        ResponseEntity<classA> response = new ResponseEntity<>(a, HttpStatus.OK);
        return response;
    }

Then I want to send POST by curl command:

curl -H "Content-Type: application/json" -X POST -d '{"parameter2" : "enum"}' https://user:password@localhost:port/abc/def/1/enum -k

I get response:

{"timestamp":123456789,"status":403,"error":"Forbidden","message":"Expected CSRF token not found. Has your session expired?","path":"/abc/def/1/enum/"}

Ideas?

The problem is:

Expected CSRF token not found.

Your application (Spring MVC, as I can see) has CSRF protection enabled, so you need to send the "_csrf" param with the POST. More info at:
http://docs.spring.io/spring-security/site/docs/current/reference/html/csrf.html
https://spring.io/blog/2013/08/21/spring-security-3-2-0-rc1-highlights-csrf-protection/

The CSRF token value changes with the user session. If you want to see this CSRF token, you can visit your application with the web browser and look at the HTML code of your page; in the form tag you will see something like this:

<input type="hidden"
    name="_csrf"
    value="964f8675-a57a-4f85-b196-976d71ffef96" />

So you need to send this param within your POST.

curl -H "Content-Type: application/json" -X POST -d '{"parameter2" : "enum","_csrf":"964f8675-a57a-4f85-b196-976d71ffef96"}' -u username:password https://localhost:port/abc/def/1/enum

CARE!: as I said, this token will change with the user session, so you will not be able to use the same token always.
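Because the token is bound to the session, a scripted client has to fetch it fresh and replay the same session cookie. The following is an added example, not part of the original answer: it assumes Spring Security's default names (`_csrf` form field, `X-CSRF-TOKEN` request header), a page at a hypothetical `FORM_PATH` that renders the hidden input, and credentials in a hypothetical `CURL_USER` environment variable.

```bash
#!/usr/bin/env bash
# Added example: per-session CSRF token handling for curl (names are assumptions,
# see lead-in). Nothing here is taken from the application in the question.

# Read HTML on stdin and print the value of the hidden _csrf input.
# Handles multi-line tags, either attribute order, quoted or unquoted values.
# Prints nothing if no such input exists.
extract_csrf() {
    tr '\n' ' ' |
    grep -oE '<input[^>]*name= *"?_csrf"?[^>]*>' |
    head -n 1 |
    sed -nE 's/.*value= *"?([A-Za-z0-9_-]+)"?.*/\1/p'
}

# Usage: post_with_csrf BASE_URL FORM_PATH POST_PATH JSON_BODY
# CURL_USER holds "user:password" (hypothetical variable name).
post_with_csrf() {
    local base="$1" form_path="$2" post_path="$3" body="$4"
    local jar token rc
    jar=$(mktemp) || return 1

    # 1. Load a page that renders the form; store the session cookie in the jar.
    #    For a private CA, pass --cacert instead of disabling verification with -k.
    token=$(curl -sS -u "$CURL_USER" -c "$jar" "$base$form_path" | extract_csrf)
    if [ -z "$token" ]; then
        echo "no _csrf token found at $form_path" >&2
        rm -f "$jar"
        return 1
    fi

    # 2. Send the POST in the same session, with the token in the header.
    curl -sS -u "$CURL_USER" -b "$jar" \
         -H "Content-Type: application/json" \
         -H "X-CSRF-TOKEN: $token" \
         -X POST -d "$body" "$base$post_path"
    rc=$?
    rm -f "$jar"
    return "$rc"
}

# Run only when called with four arguments; sourcing just defines the functions.
if [ "$#" -eq 4 ]; then
    post_with_csrf "$@"
fi
```

A 403 that persists with a fresh token usually means the session cookie was not sent back, so check that the first response actually set one.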
