I am trying with spring remote client with security features,with out security things are working fine, but when I add DelegatingFilterProxy I am seeing the error 403 with message forbidden.
Here is my configuration
<bean id="provisioningService"
class="com.ravisha.spring.remote.httpinvoker.ProvisioningServiceImpl" />
<bean name="/provisioningService"
class="org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter">
<property name="service" ref="provisioningService" />
<property name="serviceInterface" value="com.ravisha.spring.remote.httpinvoker.ProvisioningService"/>
</bean>
<security:http>
<security:http-basic/>
<security:intercept-url pattern="/provisioningService" access="hasRole('ROLE_USER') "/>
</security:http>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider>
<security:user-service id="uds">
<security:user name="test" password="test"
authorities="ROLE_USER" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
</beans>
CSRF protection is enabled in Spring Security by default from version 4. For HttpInvoker you don't need it and can disable it. I also suggest to explicit make security stateless.
<security:http create-session="stateless">
<security:csrf disabled="true"/>
<security:http-basic/>
<security:intercept-url pattern="/provisioningService" access="hasRole('ROLE_USER') "/>
</security:http>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.