[英]Spring Boot error 403 when sending request
我的系統由 3 個部分組成。 Spring 啟動應用程序、Angular 應用程序和 Android 應用程序。 當我的 Android 應用程序發送重置密碼的請求(如果不記得)時,Spring 啟動應用程序使用以下方法收到此請求:
@PostMapping("/forgot_password")
public String processForgotPassword(@RequestBody String email, HttpServletRequest request) {
try {
String token = RandomString.make(30);
userService.updateResetPasswordToken(token, email);
String resetPasswordLink = "https://jakuwegiel.web.app/projects/endless-blow/reset-password?token=" + token;
sendEmail(email, resetPasswordLink);
} catch (Exception ex) {
System.out.println(ex.getMessage());
}
return "Email has been sent";
}
其中updateResetPasswordToken()是:
public void updateResetPasswordToken(String token, String email) throws SQLException {
UserDetails userDetails = usersDao.getUserDetailsByEmail(connFromUserService, email);
if (userDetails != null) {
User user = usersDao.getUserByName(connFromUserService, userDetails.getName());
usersDao.setResetPasswordToken(connFromUserService, user, token);
}
}
其中getUserDetailsByEmail()是:
public UserDetails getUserDetailsByEmail(Connection connection, String email) {
UserDetails userDetails = new UserDetails();
PreparedStatement ps;
try {
ps = connection.prepareStatement("SELECT * from users_details where email = '"+email+"'");
ResultSet rs = ps.executeQuery();
if (rs.next()) {
userDetails = new UserDetails(rs.getString(2), rs.getString(3));
}
} catch (SQLException e) {
e.printStackTrace();
}
return userDetails;
}
getUserByName()是:
public User getUserByName(Connection connection, String name) throws SQLException {
User user = new User();
PreparedStatement ps;
try {
ps = connection.prepareStatement("SELECT * from users where username = '"+name+"'");
ResultSet rs = ps.executeQuery();
if (rs.next()) {
user = new User(rs.getString(2), rs.getString(3));
}
} catch (SQLException e) {
e.printStackTrace();
}
return user;
}
和setResetPasswordToken()是:
public void setResetPasswordToken(Connection connection, User user, String token) {
PreparedStatement ps;
try {
ps = connection.prepareStatement("UPDATE users set reset_password_token = '" + token + "' where username = '" + user.getUsername() + "'");
ps.executeUpdate();
} catch (SQLException e) {
System.out.println(e.getMessage());
}
}
然后用戶在 email 上收到復位鏈接。 他打開了打開 Angular 應用程序的鏈接,我在兩個 EditText 字段上輸入了兩次密碼,並使用執行此代碼的按鈕發送發送:
public postResetPassword(token: string, password: string): Observable<any> {
const body = {
'token': token,
'password': password
};
const headers = new HttpHeaders().set('Content-Type', 'application/json; charset=utf-8');
return this.http.post<any>('https://endlessblow-1.herokuapp.com/reset_password', body,{headers: headers});
}
這個 Angular 的代碼生成 OPTIONS 請求而不是 POST 有什么奇怪的? Spring 啟動應用程序通過以下方法接收此請求:
@RequestMapping(value = "/reset_password", consumes="application/json", method = {RequestMethod.OPTIONS, RequestMethod.POST, RequestMethod.GET})
public String processResetPassword(@RequestBody TokenAndPassword tokenAndPassword) {
try {
User user = userService.getByResetPasswordToken(tokenAndPassword.getToken());
if (user == null) {
return "message1";
} else {
userService.updatePassword(user, tokenAndPassword.getPassword());
System.out.println("You have successfully changed your password.");
}
}
catch (Exception ex) {
System.out.println(ex.getMessage());
return "Error. Did you use your token already? Or does this link come from email?";
}
return "You have successfully changed your password.";
}
但最后每次 /reset_password 出現時都會出現 ERROR 403。
我還添加了這樣的 class:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests().anyRequest().permitAll();
}
}
但它什么也沒給。
這段代碼有什么問題?
非常非常非常感謝您的幫助!
該問題很可能與 angular 應用程序發送的預檢請求有關。 您可以通過將其添加到您的安全配置中來禁用 cors:
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**").allowedMethods("*");
}
或者您可以按照 spring 文檔https://docs.spring.io/javacurrent.framework#mvc-cors-Z.io/javacurrent.framework#/docs-cors-Z.
發送PUT請求時出現Spring + AngularJs + Tomcat 9.0-403錯誤
[英]Spring +AngularJs + Tomcat 9.0 - 403 error when sending a PUT request
使用 angular 和 spring 與 JWT 啟動服務的 PUT 請求出現 403 錯誤
[英]403 error with PUT request using angular and spring boot service with JWT
Spring 啟動 -- 使用 CSRF 令牌發布請求產生 403 錯誤
[英]Spring Boot -- Post request with CSRF token produce 403 error
當使用Keyclaok進行POST請求時,Spring Boot返回403被禁止
[英]spring boot return 403 forbidden when POST request with Keyclaok
使用Spring Boot + Spring Security時圖像上出現錯誤403
[英]Error 403 on image when using Spring Boot + Spring Security
Android retrofit 在向 spring 引導發送請求時出錯?
[英]Android retrofit error in sending put request to spring boot?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.