堆栈内存溢出
  繁体   English   中英

使用入站网关的POST方法获取403-Spring Integration

[英]Getting 403 with POST method of Inbound Gateway - Spring Integration

 原文  2016-06-10 14:11:24       java/ spring/ spring-integration

问题描述

因此,我一直在尝试使用Spring集成入站网关将一些数据发布到Web服务。 GET方法工作正常。 所以我尝试使用POST,我传递了一些String。 并尝试获取一个简单的String。 您可以检查TestService 但是每次我尝试运行测试用例时,都会收到403错误。 我已经检查了Spring Security和所有其他方面,但是无法解决这个问题。 我用谷歌搜索了大约2天,但没有一个线索。

您可以查看链接,以了解我的其他功能是GET方法并且运行良好。 我只有POST有这个问题! 因此,请帮助我了解我的代码有什么问题!

我的integration.xml是: 

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/integration http://www.springframework.org/schema/integration/spring-integration.xsd
    http://www.springframework.org/schema/integration/http http://www.springframework.org/schema/integration/http/spring-integration-http.xsd
    http://www.springframework.org/schema/oxm http://www.springframework.org/schema/oxm/spring-oxm.xsd"
xmlns:int="http://www.springframework.org/schema/integration"
xmlns:oxm="http://www.springframework.org/schema/oxm"
xmlns:int-http="http://www.springframework.org/schema/integration/http">

<int:annotation-config/>

<bean class="org.springframework.web.servlet.view.ContentNegotiatingViewResolver">
    <property name="order" value="1" />
    <property name="contentNegotiationManager">
        <bean class="org.springframework.web.accept.ContentNegotiationManagerFactoryBean">
            <property name="defaultContentType" value="application/json"/>
            <property name="favorParameter" value="true"/>
            <property name="ignoreAcceptHeader" value="true" />
            <property name="mediaTypes">
                <map>
                    <entry key="json" value="application/json" />
                    <entry key="xml" value="application/xml" />
                </map>
            </property>
        </bean>
    </property>
    <property name="defaultViews">
        <list>
            <bean
                class="org.springframework.integration.samples.rest.json.view.ExtendedMappingJacksonJsonView" >
                <property name="objectMapper" ref="jaxbJacksonObjectMapper"/>
            </bean>
            <bean class="org.springframework.web.servlet.view.xml.MarshallingView">
                <constructor-arg ref="marshaller"/>
            </bean>
        </list>
    </property>
</bean>

<int:channel id="orderRequestChannel" />
<int:channel id="orderResponseChannel" />

<int-http:inbound-gateway id="inboundOrderRequestGateway" 
    supported-methods="POST"
    request-channel="orderRequestChannel"
    reply-channel="orderResponseChannel"
    view-name="/order"
    path="/order/view"
    request-payload-type="java.lang.String"
    reply-timeout="50000">
</int-http:inbound-gateway>

<int:service-activator id="orderGatewayActivator"
                input-channel="orderRequestChannel"
                output-channel="orderResponseChannel"
                ref="testService" 
                method="createOrder" 
                requires-reply="true"
                send-timeout="60000" />  
<oxm:jaxb2-marshaller id="marshaller" context-path="org.springframework.integration.samples.rest.domain" />
<bean id="jaxbJacksonObjectMapper" class="org.springframework.integration.samples.rest.json.JaxbJacksonObjectMapper"/>

测试服务方法是: 

@Service("testService")
public class TestService {

  public Message<String> createOrder(Message<String> orderRequest) {
    System.out.println("Inside!!!!!!!!!!");
    return MessageBuilder.withPayload("Some Response!").build();
  }
}

春季安全文件: 

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="
       http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans.xsd
       http://www.springframework.org/schema/security
       http://www.springframework.org/schema/security/spring-security.xsd">

<security:global-method-security
    secured-annotations="enabled" />

<!-- Configure Spring Security -->
<security:http auto-config="true" use-expressions="true" realm="REST HTTP Web Service" create-session="never">
    <security:http-basic />
    <security:intercept-url pattern='/services/employee/*' access="hasRole('ROLE_REST_HTTP_USER')"  />
    <security:intercept-url pattern='/order/*' access="permitAll"  />
    <security:csrf disabled="true" />
</security:http>

<!--  In this example, we are using in memory authentication. The password encoder depends on
                Jasypt's String Digester to digest the password stored in users.properties -->
<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider>
        <security:password-encoder ref="passwordEncoder"/>
        <security:user-service properties="classpath:users.properties" />
    </security:authentication-provider>
</security:authentication-manager>

<!--
    Use the StringDigester to create uni-directional password encryption.
    All uni-directional encryption methods supported in jasypt is integrated into
    Spring Security
-->
<bean id="jasyptStringDigester" class="org.jasypt.digest.StandardStringDigester" >
    <property name="algorithm" value="SHA-1" />
    <property name="iterations" value="100000" />
    <property name="saltGenerator">
        <bean id="zeroSaltGenerator" class="org.jasypt.salt.ZeroSaltGenerator"/>
    </property>
    <property name="saltSizeBytes" value="10"/>
</bean>

<!--
     This Spring Security-friendly PasswordEncoder implementation will
       wrap the StringDigester instance so that it can be used from
       the security framework.
   -->
<bean id="passwordEncoder" class="org.jasypt.spring.security3.PasswordEncoder">
    <property name="stringDigester" ref="jasyptStringDigester"/>
</bean>

最后我的测试方法: 

@Test
public void testPOST() throws Exception{
    final String fullUrl = "http://localhost:9080/rest-http/order/view";
    HttpHeaders headers = new HttpHeaders();
    HttpEntity<Object> request = new HttpEntity<Object>(headers);
    ResponseEntity<?> httpResponse = restTemplate.exchange(fullUrl, HttpMethod.POST, request, String.class, "Request");     
    //restTemplate.getMessageConverters().add(jsonHttpMessageConverter);
    if (!httpResponse.getStatusCode().equals(HttpStatus.OK)){
        logger.error("Problems with the request. Http status: " + httpResponse.getStatusCode());
    }

}

请帮帮我! 提前致谢。

1 个解决方案

解决方案1
 0 已采纳  2016-06-10 15:01:33

如果您使用的是Spring的安全性,那么默认情况下将启用CSRF保护 ,并且传入请求中应使用X-Csrf-Token

您必须通过在Spring安全XML文件中添加以下内容来禁用此功能。 在这里阅读更多有关Spring的CSRF保护的信息,下面的代码在$ 16.4.2节中讨论。 

<http>
    <!-- ... -->
    <csrf disabled="true"/>
</http>

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Spring Integration Proxy Gateway上的入站变压器 Spring Integration HTTP入站网关请求重叠 Spring Integration入站通道适配器中的覆盖方法 在 Spring 集成(入站网关)中传递非标准 Header 名称 Spring Integration Http入站网关发送空白json回复 拦截Spring集成http:inbound-gateway的ReplyChannel reply-timeout意味着在spring集成中的tcp-inbound-gateway 如何在Spring Integration的入站网关中接受MultipartFile Spring Integration HTTP入站网关路径中的可选参数 泽西岛资源配置和Spring集成http:inbound-gateway
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM