spring security + angularjs ajax post

Question

I'm just implemented the Spring Security to my project. I'm enabled CSRF. The problem is - that i think all the POST requests to REST API(Spring) is now blocked by spring security i think.

This is my Spring Security config

<context:annotation-config/>

<!-- enable use-expressions -->
<http auto-config="true" use-expressions="true">
    <headers>
        <cache-control />
    </headers>

    <intercept-url pattern="/maps/api/admin**" access="hasRole('ROLE_ADMIN')"/>
    <intercept-url pattern="/user**" access="hasRole('ROLE_USER')"/>

    <!-- access denied page -->
    <access-denied-handler error-page="/403"/>

    <form-login
            login-processing-url="/login/processing"
            login-page="/user-login"
            default-target-url="/"
            authentication-failure-url="/user-login"
            username-parameter="username"
            password-parameter="password"
            authentication-success-handler-ref="successHandler"
            authentication-failure-handler-ref="failureHandler"/>
    <logout logout-success-url="/maps/api/user-login?logout"  delete-cookies="JSESSIONID"/>
    <!-- enable csrf protection -->
    <csrf/>
</http>

i have a custom authentication success handlers and POST for authentication works well.

This is how i sent my POST for authentication (in Angular)

var req = {
    method: 'POST',
    url: '/login/processing',
    headers: {
        'Content-Type': "application/x-www-form-urlencoded",
        'Upgrade-Insecure-Requests': "1",
        'X-CSRF-TOKEN': $('input[name="_csrf"]').val()
    },
    data: $(obj.target).serialize()
}

$http(req)
    .success(function(data, status, headers, config){
       blab bla bla
    })
    .error(function(data){
        alert( "Exception details: " + JSON.stringify({data: data}));
    });

This is the example of other POST request i sending to retrieve a data from Spring REST API Controller:

    var formData = {
        "username" : $scope.registerUser.email,
        "password" : $scope.registerUser.password
    };
    var req = {
        method: 'POST',
        url: '/maps/api/user/register',
        headers: {
            'X-CSRF-TOKEN': $('input[name="_csrf"]').val(),
            //'Content-Type': "application/x-www-form-urlencoded"
            'Content-Type': 'application/json'
        },
        data: formData
    }
    $http(req)
        .success(function(data, status, headers, config){
            blaaaaaaaa
        })
        .error(function(data, status, headers, config){
            alert( "Exception details: " + JSON.stringify({data: data}));
        });

and getting this error:

The resource identified by this request is only capable of generating responses with characteristics not acceptable according to the request "accept" headers.

but actually i got 'Content-Type': 'application/json' as "accept" headers, and the controller also returns a JSON object.

Can anyone help?

Answer 1

what is your Spring version, if it's 4.1.* . Add the following jars to your pom.xml

<dependency>
    <groupId>com.fasterxml.jackson.core</groupId>
    <artifactId>jackson-core</artifactId>
    <version>2.4.1</version>
</dependency>
<dependency>
    <groupId>com.fasterxml.jackson.core</groupId>
    <artifactId>jackson-databind</artifactId>
    <version>2.4.1.1</version>
</dependency>

Or Add

headers = "Accept=*/*", produces = "application/json"

to your controller mapping