Spring security bypass with java connection

I use Spring MVC in my project. When a user request is matched against a URI, I cannot get past the security check: I get a 403 error because the URL is intercepted. However, I can access the same URL through a browser.

Update

I removed the intercept rule from the security.xml file, and now, when I try the request, I get the following error:

POST request method not supported

http://49.205.88.200:5080/Batasariservice/groupview.htm username : userx@bat password : 123456 

Updated:

My Rest Controller:

  /**
   * REST entry point for device authentication and registration.
   *
   * <p>Security note: the security configuration published with this controller maps
   * {@code /authAndRegDevice.htm} to {@code permitAll}, so the request body arrives from
   * callers that Spring Security has not authenticated. Nothing in this class validates the
   * payload or identifies the caller.
   * NOTE(review): confirm that {@code authAndRegisterDevice} authenticates the device and
   * validates every field before anything is persisted.
   */
  @RestController
  public class AuthenticateDeviceRestWS {

      // Business component that performs the actual authentication and registration.
      @Autowired
      ManageDeviceWSBusiness manageDeviceWSBusiness;

      /**
       * Handles a POST to {@code authAndRegDevice.htm}: converts the raw JSON body into a
       * {@link WSDeviceAuthenticateRequest}, hands it to the business component and returns
       * the resulting {@link WSDeviceAuthenticateResponse} serialized back to JSON.
       *
       * @param notificationJsonRequest raw JSON request body, exactly as sent by the client
       * @return the business response serialized as a JSON string
       * @throws BatasariWSException declared by the original signature; raised by the
       *         helper or business call (presumably on conversion or processing failure)
       */
      @RequestMapping(value = "authAndRegDevice.htm", method = RequestMethod.POST)
      @ResponseBody
      public String authenticateAndRegisterDevice(@RequestBody String notificationJsonRequest)
              throws BatasariWSException {
          // The body is untrusted text at this point; the cast only fixes the static type
          // of whatever the conversion helper produced.
          final WSDeviceAuthenticateRequest deviceRequest =
                  (WSDeviceAuthenticateRequest) UserAccessManagementUtil.convertToJava(
                          notificationJsonRequest, WSDeviceAuthenticateRequest.class);

          final WSDeviceAuthenticateResponse deviceResponse =
                  manageDeviceWSBusiness.authAndRegisterDevice(deviceRequest);

          return UserAccessManagementUtil.convertToJson(deviceResponse);
      }
  }

Updated: the Java main class I verified this with

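 /**
  * Stand-alone test client: POSTs a device-registration JSON document to the
  * {@code authAndRegDevice.htm} endpoint and throws on any status other than 200.
  *
  * <p>Notes for anyone reproducing the 403 described on this page:
  * <ul>
  *   <li>The request carries neither a session cookie nor a CSRF token. The security
  *       configuration on the page enables {@code <csrf />}; Spring Security checks the
  *       token on POST independently of the {@code intercept-url} access rules, so
  *       {@code permitAll} alone does not let this request through and 403 is the
  *       expected answer.</li>
  *   <li>The remedy belongs on the server: serve the device API from a configuration
  *       that authenticates each call itself rather than through the browser session,
  *       and decide about CSRF for that API only. Do not switch CSRF protection off for
  *       the whole application to make this client work.</li>
  *   <li>The target uses plain {@code http://}. That is fine on loopback; against a
  *       remote host the device identifiers and phone number in the payload would
  *       travel unencrypted, so use {@code https://} there.</li>
  * </ul>
  */
 public class AuthURLConnection {

     // Endpoint under test. The field name shadows java.net.URL in expression context;
     // it is kept unchanged because other code may reference it.
     static String URL = "http://localhost:5080/Batasariservice/authAndRegDevice.htm";

     /**
      * Builds a fixed sample payload and sends it to the endpoint.
      *
      * @param args unused
      */
     public static void main(String[] args) {
         String json = "{ "
                 + "\"deviceID\":\"Test\", "
                 + "\"deviceName\":\"Test Device\", "
                 + "\"phoneNumber\":\"testnumber\", "
                 + "\"companyIdentifier\":\"bat\", "
                 + "\"userIdentifier\":\"Test\", "
                 + "\"addtionalInfo\":\"\""
                 + "}";
         wsRequest(json);
     }

     /**
      * Sends {@code jsonInput} as the body of a POST request and prints the response body.
      *
      * <p>Malformed-URL and I/O failures are reported on stderr and swallowed, as before.
      *
      * @param jsonInput JSON document to send
      * @throws RuntimeException if the server answers with a status other than 200
      */
     private static void wsRequest(String jsonInput) {
         HttpURLConnection httpConnection = null;
         try {
             URL targetUrl = new URL(URL);
             httpConnection = (HttpURLConnection) targetUrl.openConnection();
             httpConnection.setDoOutput(true);
             httpConnection.setRequestMethod("POST");
             httpConnection.setRequestProperty("Content-Type", "application/json");

             // Encode explicitly: the platform default charset differs between machines
             // and would corrupt non-ASCII field values. The stream is closed even if
             // the write fails.
             try (OutputStream outputStream = httpConnection.getOutputStream()) {
                 outputStream.write(
                         jsonInput.getBytes(java.nio.charset.StandardCharsets.UTF_8));
                 outputStream.flush();
             }

             // Read the status once so the check and the message cannot disagree.
             int status = httpConnection.getResponseCode();
             if (status != 200) {
                 throw new RuntimeException("Failed : HTTP error code : "
                         + status + ":"
                         + httpConnection.getResponseMessage());
             }

             StringBuilder sb = new StringBuilder();
             try (BufferedReader responseBuffer = new BufferedReader(new InputStreamReader(
                     httpConnection.getInputStream(),
                     java.nio.charset.StandardCharsets.UTF_8))) {
                 String output;
                 while ((output = responseBuffer.readLine()) != null) {
                     sb.append(output);
                 }
             }
             // The original collected the body and then dropped it; show it so the run
             // can actually be verified.
             System.out.println(sb);
         } catch (MalformedURLException e) {
             e.printStackTrace();
         } catch (IOException e) {
             e.printStackTrace();
         } finally {
             // Release the connection on every path, including the non-200 exception.
             if (httpConnection != null) {
                 httpConnection.disconnect();
             }
         }
     }
 }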

Updated: my spring-security.xml file

 <http auto-config="true" use-expressions="true">
   <!-- Rules are evaluated top to bottom; the first matching pattern decides. -->
   <intercept-url pattern="/userLogin*" access="permitAll" />
   <!-- permitAll removes only the role check for this path. The endpoint is then
        reachable without authentication, so the controller and business layer behind
        it must authenticate the device and validate the payload themselves.
        NOTE(review): confirm that they do. -->
   <intercept-url pattern="/authAndRegDevice.htm" access="permitAll" />
   <intercept-url pattern="/css/**" access="permitAll" />
   <!-- Everything else requires the role handed out by the authorities query below. -->
   <intercept-url pattern="/**" access="hasRole('DefaultRole')" />
   <!-- access denied page -->
   <access-denied-handler error-page="/403" />
   <form-login login-page="/userLogin.htm" default-target-url="/groupview.htm" authentication-failure-url="/userLogin.htm?error" username-parameter="username" password-parameter="password" authentication-success-handler-ref="authSuccessHandler" />
   <!-- CSRF protection is active for every URL matched by this http element. The token
        is checked on POST independently of the access values above, so a client that
        posts to /authAndRegDevice.htm without a session and token is sent to the
        access-denied page (403) even though the path is permitAll.
        NOTE(review): if the device endpoint is meant for non-browser clients, give it a
        separate http element with its own authentication and decide about CSRF there;
        keep this element protecting the browser-facing pages behind the form login. -->
   <csrf />
 </http>
 <beans:bean id="authSuccessHandler" class="com.pathfinder.filter.AuthenticationSuccessHandlerImpl" />
 <!-- Stored passwords are compared through BCrypt. -->
 <beans:bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>
 <authentication-manager>
   <authentication-provider>
     <password-encoder ref="encoder" />
     <!-- Both queries bind the submitted username through the ? placeholder instead of
          concatenating it. The authorities query returns the constant 'DefaultRole' for
          each row found in userrolesview.
          NOTE(review): the third column of users-by-username-query (status) is read as
          the account-enabled flag; confirm its stored values mean what is intended. -->
     <jdbc-user-service data-source-ref="dataSource" users-by-username-query="select username,password, status from users where username=?" authorities-by-username-query="select username, 'DefaultRole' as role from userrolesview where username =? " />
   </authentication-provider>
 </authentication-manager>

Source: https://habr.com/ru/post/973414/

