堆棧內存溢出
  簡體   English   中英

使用入站網關的POST方法獲取403-Spring Integration

[英]Getting 403 with POST method of Inbound Gateway - Spring Integration

 原文  2016-06-10 14:11:24       java/ spring/ spring-integration

問題描述

因此,我一直在嘗試使用Spring集成入站網關將一些數據發布到Web服務。 GET方法工作正常。 所以我嘗試使用POST,我傳遞了一些String。 並嘗試獲取一個簡單的String。 您可以檢查TestService 但是每次我嘗試運行測試用例時,都會收到403錯誤。 我已經檢查了Spring Security和所有其他方面,但是無法解決這個問題。 我用谷歌搜索了大約2天,但沒有一個線索。

您可以查看鏈接,以了解我的其他功能是GET方法並且運行良好。 我只有POST有這個問題! 因此,請幫助我了解我的代碼有什么問題!

我的integration.xml是: 

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/integration http://www.springframework.org/schema/integration/spring-integration.xsd
    http://www.springframework.org/schema/integration/http http://www.springframework.org/schema/integration/http/spring-integration-http.xsd
    http://www.springframework.org/schema/oxm http://www.springframework.org/schema/oxm/spring-oxm.xsd"
xmlns:int="http://www.springframework.org/schema/integration"
xmlns:oxm="http://www.springframework.org/schema/oxm"
xmlns:int-http="http://www.springframework.org/schema/integration/http">

<int:annotation-config/>

<bean class="org.springframework.web.servlet.view.ContentNegotiatingViewResolver">
    <property name="order" value="1" />
    <property name="contentNegotiationManager">
        <bean class="org.springframework.web.accept.ContentNegotiationManagerFactoryBean">
            <property name="defaultContentType" value="application/json"/>
            <property name="favorParameter" value="true"/>
            <property name="ignoreAcceptHeader" value="true" />
            <property name="mediaTypes">
                <map>
                    <entry key="json" value="application/json" />
                    <entry key="xml" value="application/xml" />
                </map>
            </property>
        </bean>
    </property>
    <property name="defaultViews">
        <list>
            <bean
                class="org.springframework.integration.samples.rest.json.view.ExtendedMappingJacksonJsonView" >
                <property name="objectMapper" ref="jaxbJacksonObjectMapper"/>
            </bean>
            <bean class="org.springframework.web.servlet.view.xml.MarshallingView">
                <constructor-arg ref="marshaller"/>
            </bean>
        </list>
    </property>
</bean>

<int:channel id="orderRequestChannel" />
<int:channel id="orderResponseChannel" />

<int-http:inbound-gateway id="inboundOrderRequestGateway" 
    supported-methods="POST"
    request-channel="orderRequestChannel"
    reply-channel="orderResponseChannel"
    view-name="/order"
    path="/order/view"
    request-payload-type="java.lang.String"
    reply-timeout="50000">
</int-http:inbound-gateway>

<int:service-activator id="orderGatewayActivator"
                input-channel="orderRequestChannel"
                output-channel="orderResponseChannel"
                ref="testService" 
                method="createOrder" 
                requires-reply="true"
                send-timeout="60000" />  
<oxm:jaxb2-marshaller id="marshaller" context-path="org.springframework.integration.samples.rest.domain" />
<bean id="jaxbJacksonObjectMapper" class="org.springframework.integration.samples.rest.json.JaxbJacksonObjectMapper"/>

測試服務方法是: 

@Service("testService")
public class TestService {

  public Message<String> createOrder(Message<String> orderRequest) {
    System.out.println("Inside!!!!!!!!!!");
    return MessageBuilder.withPayload("Some Response!").build();
  }
}

春季安全文件: 

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="
       http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans.xsd
       http://www.springframework.org/schema/security
       http://www.springframework.org/schema/security/spring-security.xsd">

<security:global-method-security
    secured-annotations="enabled" />

<!-- Configure Spring Security -->
<security:http auto-config="true" use-expressions="true" realm="REST HTTP Web Service" create-session="never">
    <security:http-basic />
    <security:intercept-url pattern='/services/employee/*' access="hasRole('ROLE_REST_HTTP_USER')"  />
    <security:intercept-url pattern='/order/*' access="permitAll"  />
    <security:csrf disabled="true" />
</security:http>

<!--  In this example, we are using in memory authentication. The password encoder depends on
                Jasypt's String Digester to digest the password stored in users.properties -->
<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider>
        <security:password-encoder ref="passwordEncoder"/>
        <security:user-service properties="classpath:users.properties" />
    </security:authentication-provider>
</security:authentication-manager>

<!--
    Use the StringDigester to create uni-directional password encryption.
    All uni-directional encryption methods supported in jasypt is integrated into
    Spring Security
-->
<bean id="jasyptStringDigester" class="org.jasypt.digest.StandardStringDigester" >
    <property name="algorithm" value="SHA-1" />
    <property name="iterations" value="100000" />
    <property name="saltGenerator">
        <bean id="zeroSaltGenerator" class="org.jasypt.salt.ZeroSaltGenerator"/>
    </property>
    <property name="saltSizeBytes" value="10"/>
</bean>

<!--
     This Spring Security-friendly PasswordEncoder implementation will
       wrap the StringDigester instance so that it can be used from
       the security framework.
   -->
<bean id="passwordEncoder" class="org.jasypt.spring.security3.PasswordEncoder">
    <property name="stringDigester" ref="jasyptStringDigester"/>
</bean>

最后我的測試方法: 

@Test
public void testPOST() throws Exception{
    final String fullUrl = "http://localhost:9080/rest-http/order/view";
    HttpHeaders headers = new HttpHeaders();
    HttpEntity<Object> request = new HttpEntity<Object>(headers);
    ResponseEntity<?> httpResponse = restTemplate.exchange(fullUrl, HttpMethod.POST, request, String.class, "Request");     
    //restTemplate.getMessageConverters().add(jsonHttpMessageConverter);
    if (!httpResponse.getStatusCode().equals(HttpStatus.OK)){
        logger.error("Problems with the request. Http status: " + httpResponse.getStatusCode());
    }

}

請幫幫我! 提前致謝。

1 個解決方案

解決方案1
 0 已采納  2016-06-10 15:01:33

如果您使用的是Spring的安全性,那么默認情況下將啟用CSRF保護 ,並且傳入請求中應使用X-Csrf-Token

您必須通過在Spring安全XML文件中添加以下內容來禁用此功能。 在這里閱讀更多有關Spring的CSRF保護的信息,下面的代碼在$ 16.4.2節中討論。 

<http>
    <!-- ... -->
    <csrf disabled="true"/>
</http>

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 Spring Integration Proxy Gateway上的入站變壓器 Spring Integration HTTP入站網關請求重疊 Spring Integration入站通道適配器中的覆蓋方法 在 Spring 集成(入站網關)中傳遞非標准 Header 名稱 Spring Integration Http入站網關發送空白json回復 攔截Spring集成http:inbound-gateway的ReplyChannel reply-timeout意味着在spring集成中的tcp-inbound-gateway 如何在Spring Integration的入站網關中接受MultipartFile Spring Integration HTTP入站網關路徑中的可選參數 澤西島資源配置和Spring集成http:inbound-gateway
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM