堆栈内存溢出
  简体   繁体   English

春季休息服务被拒绝访问http 403

[英]getting http 403 access denied for spring rest service

 原文  2017-10-04 17:56:30       rest/ spring-security/ basic-authentication

问题描述

I have the following configuration for my Spring REST where i would like to have all my web services to go through a basic authentication: 我的Spring REST具有以下配置,我希望所有Web服务都通过基本身份验证:

spring-sec.xml spring-sec.xml 

 <http auto-config="true" use-expressions="true">
        <intercept-url pattern="/*" access="hasRole('ROLE_ADMIN')"/>
        <http-basic/>
    </http>

    <!-- Authentication manager -->
    <authentication-manager>
        <authentication-provider>
        <user-service>
            <user name="admin" password="admin" authorities="ROLE_ADMIN"/>
            <user name="rest" password="rest" authorities="ROLE_REST"/>
            <user name="user" password="user" authorities="ROLE_USER"/>
         </user-service>
        </authentication-provider>
    </authentication-manager>

For my client code, i have the following: 对于我的客户代码,我有以下内容: 

String encoding = Base64.getEncoder().encodeToString(("admin:admin").getBytes());

        String authHeader = "Basic " + encoding;

        System.out.println(authHeader);

        HttpPost post = new HttpPost(uri);
        post.setHeader("Content-Type", "application/octet-stream; boundary=\"---Content Boundary\"");
        post.setHeader("Authorization", authHeader);

all the execution of my client are getting http 403 access denied, but as from the code, i am already using the configured username and password. 我客户端的所有执行都被拒绝http 403访问,但是从代码中,我已经在使用配置的用户名和密码。 I have also changed from hasRole to hasAuthority, but to no avail. 我还从hasRole更改为hasAuthority,但无济于事。 kindly please help on this. 请对此提供帮助。 thanks! 谢谢!

web.xml: web.xml: 

<context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/spring/root-context.xml, /WEB-INF/spring/appServlet/spring-sec.xml</param-value>
    </context-param>
       <!-- Spring Security filter -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

1 个解决方案

解决方案1
 0  2017-10-05 18:40:05

managed to find the issue and its on my spring security xml configuration. 设法在我的spring security xml配置中找到问题及其原因。 from the 403 error, it was stated "Could not verify the provided CSRF token because your session was not found in spring security". 从403错误中可以看出,“由于无法在Spring Security中找到您的会话,因此无法验证提供的CSRF令牌”。

Since the web service is only used by non-browser client, i have disable csrf in the xml configuration, then it works like a charm! 由于Web服务仅由非浏览器客户端使用,因此我已在xml配置中禁用了csrf,因此它的工作原理就像一个魅力!

just want to know whether this will be save for my web service? 只想知道这是否将保存为我的Web服务? how a csrf function? csrf功能如何?

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 调用REST服务时获得“访问被拒绝” - Getting 'Access denied' when calling REST service spring-oauth2:HTTP状态403-访问被拒绝 - spring-oauth2: HTTP Status 403 - Access Denied 从 Raspberry Pi 上的 Spring Boot Rest 服务获取 403 响应 - Getting 403 Response from Spring Boot Rest Service on Raspberry Pi Spring Security OAuth2在REST服务上获得访问被拒绝 - Spring Security OAuth2 get Access Denied on REST Service Magento REST API中针对客户的403访问被拒绝 - 403 Access Denied for customers in Magento REST API Spring Boot Security 403“访问被拒绝” - Spring Boot Security 403 “Access Denied” Grails Spring Security REST被禁止使用403 - Grails Spring Security REST Getting 403 Forbidden 在休息服务中拒绝访问路径C:\\ - Access to the path C:\ is denied in rest service Spring 4 REST服务-获取404 - Spring 4 REST Service - Getting 404 通过Spring REST服务获取NPE - Getting NPE with a Spring REST Service
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM