stackoom
  简体   繁体   中英

Access to the specified resource has been forbidden in simple Spring remote client

 原文  2015-12-22 00:00:54       spring/ spring-security

Question

I am trying with spring remote client with security features,with out security things are working fine, but when I add DelegatingFilterProxy I am seeing the error 403 with message forbidden.

Here is my configuration 

<bean id="provisioningService"
class="com.ravisha.spring.remote.httpinvoker.ProvisioningServiceImpl" />

<bean name="/provisioningService"
class="org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter">
<property name="service" ref="provisioningService" />
<property name="serviceInterface" value="com.ravisha.spring.remote.httpinvoker.ProvisioningService"/>
</bean>

<security:http>
        <security:http-basic/>
         <security:intercept-url pattern="/provisioningService" access="hasRole('ROLE_USER') "/>    

 </security:http>  

      <security:authentication-manager alias="authenticationManager">
        <security:authentication-provider>
            <security:user-service id="uds">
                     <security:user name="test" password="test"
                               authorities="ROLE_USER" />
            </security:user-service>
        </security:authentication-provider>
    </security:authentication-manager>   


</beans>

1 answers

solution1
 0  2015-12-22 08:47:38

CSRF protection is enabled in Spring Security by default from version 4. For HttpInvoker you don't need it and can disable it. I also suggest to explicit make security stateless. 

<security:http create-session="stateless">
  <security:csrf disabled="true"/>
  <security:http-basic/>
  <security:intercept-url pattern="/provisioningService" access="hasRole('ROLE_USER') "/>
</security:http>

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Access to the specified resource has been forbidden Spring data cassandra - No keyspace has been specified CXF + Spring: No root resource matching request path has been found Spring Security and the Proper Way to Verify that User has Access to a Resource 403 access forbidden error - spring security when the url has dynamic path param Grant access to resource server with tokens generated by Resource server client key and secret - Spring boot How to configure spring-integration-sftp to move a remote file after it has been downloaded to local filesystem? Spring Integration: delete (sftp) remote file after it has been persisted to database Angular7 : has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource Spring Rest Forbidden Access when hit Exception
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM