BOOK: Professional Java for Web Applications
This is the forum to discuss the Wrox book Professional Java for Web Applications by Nicholas S. Williams; ISBN: 978-1-118-65646-4
#1 (permalink)
September 21st, 2015, 12:11 PM
Authorized User
Join Date: Apr 2014
Posts: 11
Chapter 27 - Login is required (wrong) for POST Rest

On page 776, this is described:

Quote:
Only requests ignored and excluded from the chain (for example, in configure(WebSecurity)) are unprotected. However, this is not always desirable for all secured URLs. In the Customer Support application, for example, you should not include CSRF protection on the RESTful and SOAP web services because they don’t use web forms

This should be done from this piece of code:

Quote:
.requireCsrfProtectionMatcher((r) -> {
    String m = r.getMethod();
    return !r.getServletPath().startsWith("/services/") &&
            ("POST".equals(m) || "PUT".equals(m) ||
             "DELETE".equals(m) || "PATCH".equals(m));
});

But when I try to make a POST request (using Advanced Rest Client), it first makes a POST request to /services/Rest and after that it makes a request via GET to /login, and this REST call replies with the form (that is wrong, because web services don't use forms).

If I make a request of type OPTIONS, the request is OK, because it first makes an OPTIONS to services/Rest and later an OPTIONS to /login.

Why, if I use a POST, does it make a POST and after that a GET /login?

Is something wrong in this code? I've tried to import the entire project into Eclipse (as I downloaded it from the site), and I've noticed this behaviour.

Last edited by mistre83; September 21st, 2015 at 12:14 PM..
#2 (permalink)
January 12th, 2016, 11:56 AM
Wrox Author
Join Date: Jun 2014
Posts: 12

Hmmm. I do not experience this issue. Have you solved it yet? If not, I would recommend placing some debug breakpoints and stepping through the code to see if you can figure out what's going on. It's going to be hard for me to track down the problem when I can't replicate it...
__________________
-- Nick Williams
#3 (permalink)
January 12th, 2016, 12:07 PM
Authorized User
Join Date: Apr 2014
Posts: 11

In SecurityConfiguration.java I've changed the method:

Code:
protected void configure(HttpSecurity security)...
From:

Code:
security
        .authorizeRequests()
            .antMatchers("/session/list")
                .hasAuthority("VIEW_USER_SESSIONS")
            .anyRequest().authenticated()
To:

Code:
security
        .authorizeRequests()
            .antMatchers("/services/**").permitAll()
            .antMatchers("/session/list")
                .hasAuthority("VIEW_USER_SESSIONS")
            .anyRequest().authenticated()
I've added a permitAll() on /services/**
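The CSRF matcher quoted in this thread only decides which requests the CSRF filter checks; the redirect to /login comes from `.anyRequest().authenticated()` combined with form login, whose entry point answers an unauthenticated request with a redirect that the REST client then follows with a GET. The configuration below is an added example, not code from the book or its download: it keeps /services/** behind authentication and returns 401 there, where `permitAll()` would leave the services open to unauthenticated callers. The class name, the `/login` page setup and the use of HTTP Basic for service clients are assumptions.

```java
import javax.servlet.http.HttpServletResponse;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

// Added example (hypothetical class), not the book's SecurityConfiguration.
// Assumes Spring Security 3.2+/4.x Java configuration on Java 8.
@Configuration
@EnableWebSecurity
public class ServicesSecurityExample extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity security) throws Exception {
        // Entry point for web service URLs: answer an unauthenticated call
        // with 401 instead of redirecting the client to the HTML login form.
        AuthenticationEntryPoint unauthorized = (request, response, ex) ->
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED);

        security
            .authorizeRequests()
                .antMatchers("/session/list")
                    .hasAuthority("VIEW_USER_SESSIONS")
                // /services/** is still covered here: no permitAll().
                .anyRequest().authenticated()
            .and().formLogin()
                .loginPage("/login").permitAll()
            .and().httpBasic() // assumption: service clients send Basic credentials
            .and().exceptionHandling()
                // Registered before the form-login default, so it wins for /services/**.
                .defaultAuthenticationEntryPointFor(
                        unauthorized, new AntPathRequestMatcher("/services/**"))
            .and().csrf()
                // Same matcher as quoted from page 776: no CSRF token check on /services/.
                .requireCsrfProtectionMatcher((r) -> {
                    String m = r.getMethod();
                    return !r.getServletPath().startsWith("/services/") &&
                            ("POST".equals(m) || "PUT".equals(m) ||
                             "DELETE".equals(m) || "PATCH".equals(m));
                });
    }
}
```

With this in place, an unauthenticated POST to /services/Rest gets a 401 response rather than the login form, and a call carrying valid credentials is processed without a CSRF token.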
All times are GMT -4.