堆栈内存溢出
  繁体   English   中英

Spring 发送请求时启动错误 403

[英]Spring Boot error 403 when sending request

 原文  2021-12-04 21:33:23       java/ angular/ spring/ spring-boot/ spring-security

问题描述

我的系统由 3 个部分组成。 Spring 启动应用程序、Angular 应用程序和 Android 应用程序。 当我的 Android 应用程序发送重置密码的请求(如果不记得)时,Spring 启动应用程序使用以下方法收到此请求:

@PostMapping("/forgot_password")
public String processForgotPassword(@RequestBody String email, HttpServletRequest request) {
    try {
        String token = RandomString.make(30);
        userService.updateResetPasswordToken(token, email);
        String resetPasswordLink = "https://jakuwegiel.web.app/projects/endless-blow/reset-password?token=" + token;
        sendEmail(email, resetPasswordLink);

    } catch (Exception ex) {
        System.out.println(ex.getMessage());
    }
    return "Email has been sent";
}

其中updateResetPasswordToken()是:

public void updateResetPasswordToken(String token, String email) throws SQLException {
    UserDetails userDetails = usersDao.getUserDetailsByEmail(connFromUserService, email);
    if (userDetails != null) {
        User user = usersDao.getUserByName(connFromUserService, userDetails.getName());
        usersDao.setResetPasswordToken(connFromUserService, user, token);
    }
}

其中getUserDetailsByEmail()是:

public UserDetails getUserDetailsByEmail(Connection connection, String email) {
    UserDetails userDetails = new UserDetails();
    PreparedStatement ps;
    try {
        ps = connection.prepareStatement("SELECT * from users_details where email = '"+email+"'");
        ResultSet rs = ps.executeQuery();
        if (rs.next()) {
            userDetails = new UserDetails(rs.getString(2), rs.getString(3));
        }
    } catch (SQLException e) {
        e.printStackTrace();
    }
    return userDetails;
}

getUserByName()是:

public User getUserByName(Connection connection, String name) throws SQLException {
    User user = new User();
    PreparedStatement ps;
    try {
        ps = connection.prepareStatement("SELECT * from users where username = '"+name+"'");
        ResultSet rs = ps.executeQuery();
        if (rs.next()) {
            user = new User(rs.getString(2), rs.getString(3));
        }
    } catch (SQLException e) {
        e.printStackTrace();
    }
    return user;
}

setResetPasswordToken()是:

public void setResetPasswordToken(Connection connection, User user, String token) {
    PreparedStatement ps;
    try {
        ps = connection.prepareStatement("UPDATE users set reset_password_token = '" + token + "' where username = '" + user.getUsername() + "'");
        ps.executeUpdate();
    } catch (SQLException e) {
        System.out.println(e.getMessage());
    }
}

然后用户在 email 上收到复位链接。 他打开了打开 Angular 应用程序的链接,我在两个 EditText 字段上输入了两次密码,并使用执行此代码的按钮发送发送:

  public postResetPassword(token: string, password: string): Observable<any> {
    const body = {
      'token': token,
      'password': password
    };
    const headers = new HttpHeaders().set('Content-Type', 'application/json; charset=utf-8');
    return this.http.post<any>('https://endlessblow-1.herokuapp.com/reset_password', body,{headers: headers});
  }

这个 Angular 的代码生成 OPTIONS 请求而不是 POST 有什么奇怪的? Spring 启动应用程序通过以下方法接收此请求:

@RequestMapping(value = "/reset_password", consumes="application/json", method = {RequestMethod.OPTIONS, RequestMethod.POST, RequestMethod.GET})
public String processResetPassword(@RequestBody TokenAndPassword tokenAndPassword) {
    try {
        User user = userService.getByResetPasswordToken(tokenAndPassword.getToken());
        if (user == null) {
            return "message1";
        } else {
            userService.updatePassword(user, tokenAndPassword.getPassword());
            System.out.println("You have successfully changed your password.");
        }
    }
    catch (Exception ex) {
        System.out.println(ex.getMessage());
        return "Error. Did you use your token already? Or does this link come from email?";
    }

    return "You have successfully changed your password.";
}

但最后每次 /reset_password 出现时都会出现 ERROR 403。

我还添加了这样的 class:

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

@Override
public void configure(HttpSecurity http) throws Exception {
    http
            .csrf().disable()
            .authorizeRequests().anyRequest().permitAll();
}
}

但它什么也没给。

这段代码有什么问题?

非常非常非常感谢您的帮助!

1 个解决方案

解决方案1
 0  2021-12-04 22:29:10

该问题很可能与 angular 应用程序发送的预检请求有关。 您可以通过将其添加到您的安全配置中来禁用 cors:

@Override
public void addCorsMappings(CorsRegistry registry) {
    registry.addMapping("/**").allowedMethods("*");
}

或者您可以按照 spring 文档https://docs.spring.io/javacurrent.framework#mvc-cors-Z.io/javacurrent.framework#/docs-cors-Z.

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 发送PUT请求时出现Spring + AngularJs + Tomcat 9.0-403错误 使用 angular 和 spring 与 JWT 启动服务的 PUT 请求出现 403 错误 Spring 启动 -- 使用 CSRF 令牌发布请求产生 403 错误 当使用Keyclaok进行POST请求时,Spring Boot返回403被禁止 使用Spring Boot + Spring Security时图像上出现错误403 提交Login spring引导项目时报错403 Spring Boot 403禁止在Tomcat 9中使用POST请求 Android retrofit 在向 spring 引导发送请求时出错? Angular 和 Spring 启动 -> POST 请求响应 403 403弹簧启动API调用禁止错误?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM