BOOK: Professional Java for Web Applications
This is the forum to discuss the Wrox book Professional Java for Web Applications by Nicholas S. Williams; ISBN: 978-1-118-65646-4
 
Old September 21st, 2015, 12:11 PM
Authorized User
 
Join Date: Apr 2014
Posts: 11
Thanks: 0
Thanked 0 Times in 0 Posts
Default Chapter 27 - Login is required (wrong) for POST Rest

On page 776, the following is described:

Quote:
Only requests ignored and excluded from the chain (for
example, in configure(WebSecurity)) are unprotected. However, this is not always desirable
for all secured URLs. In the Customer Support application, for example, you should not include
CSRF protection on the RESTful and SOAP web services because they don’t use web forms
This should be done from this piece of code:

Quote:
.requireCsrfProtectionMatcher((r) -> {
    String m = r.getMethod();
    return !r.getServletPath().startsWith("/services/") &&
            ("POST".equals(m) || "PUT".equals(m) ||
             "DELETE".equals(m) || "PATCH".equals(m));
});
But when I try to make a POST request (using Advanced Rest Client), it first makes a POST request to /services/Rest and after that it makes a GET request to /login, and this REST call replies with the form (that is wrong, because web services don't use forms).

If I make a request of type OPTIONS, the request is OK, because it first makes an OPTIONS request to services/Rest and later an OPTIONS request to /login.

Why, if I use a POST, does it make a POST and afterwards a GET to /login?

Is something wrong in this code? I've tried to import the entire project in Eclipse (as I downloaded it from the site), and I've noticed this behaviour.

Last edited by mistre83; September 21st, 2015 at 12:14 PM..
 
Old January 12th, 2016, 11:56 AM
Wrox Author
 
Join Date: Jun 2014
Posts: 12
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hmmm. I do not experience this issue. Have you solved it yet? If not, I would recommend placing some debug breakpoints and stepping through the code to see if you can figure out what's going on. It's going to be hard for me to track down the problem when I can't replicate it...
__________________
-- Nick Williams
 
Old January 12th, 2016, 12:07 PM
Authorized User
 
Join Date: Apr 2014
Posts: 11
Thanks: 0
Thanked 0 Times in 0 Posts
Default

In SecurityConfiguration.java I've changed the method:

Code:
protected void configure(HttpSecurity security)...
From:

Code:
security
        .authorizeRequests()
            .antMatchers("/session/list")
                .hasAuthority("VIEW_USER_SESSIONS")
            .anyRequest().authenticated()
To:

Code:
security
        .authorizeRequests()
            .antMatchers("/services/**").permitAll()
            .antMatchers("/session/list")
                .hasAuthority("VIEW_USER_SESSIONS")
            .anyRequest().authenticated()
I've added a permitAll() on /services/**
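
Added example, not from the book or from either poster: the CSRF matcher only decides which requests need a token, while the redirect to /login comes from .anyRequest().authenticated(), and permitAll() on /services/** removes that authentication check for the services. The sketch below instead gives /services/** its own filter chain that still authenticates callers but answers 401 rather than redirecting to the form. Assumptions: Spring Security Java configuration with WebSecurityConfigurerAdapter as in the thread, HTTP Basic as the service authentication scheme, a globally configured AuthenticationManagerBuilder, and the hypothetical class names SplitSecurityConfiguration, ServicesSecurity and FormLoginSecurity.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;

// Hypothetical class names; the user store is assumed to be configured globally.
@Configuration
@EnableWebSecurity
public class SplitSecurityConfiguration {

    // Chain 1: consulted first (@Order(1)) and only for /services/**.
    // HTTP Basic is an assumption; its entry point replies 401, not a redirect.
    @Configuration
    @Order(1)
    public static class ServicesSecurity extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity security) throws Exception {
            security
                .antMatcher("/services/**")
                .authorizeRequests()
                    .anyRequest().authenticated()      // services stay protected
                .and().httpBasic()
                .and().sessionManagement()
                    .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and().csrf().disable();               // no web forms on this chain
        }
    }

    // Chain 2: everything else keeps form login and the default CSRF protection.
    @Configuration
    @Order(2)
    public static class FormLoginSecurity extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity security) throws Exception {
            security
                .authorizeRequests()
                    .antMatchers("/session/list")
                        .hasAuthority("VIEW_USER_SESSIONS")
                    .anyRequest().authenticated()
                .and().formLogin();                    // unauthenticated -> /login
        }
    }
}
```

With this split, an unauthenticated POST to /services/Rest gets a 401 with a WWW-Authenticate header, and browser pages still go through the login form.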





Copyright (c) 2020 John Wiley & Sons, Inc.