Lucas Freitas
Reputation: 1038
restTemplate Error 403
I'm trying to implemente a request method, but I can't figure out how to sent the X-XSRF-TOKEN to my webservice.
In the webservice, the token is configured to be X-XSRF-TOKEN
<beans:bean id="csrfTokenRepository"
class="org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository">
<beans:property name="headerName" value="X-XSRF-TOKEN" />
</beans:bean>
I have it in my android App
public class WSConfig {
private static String urlBase = "http://192.168.25.226:8080/webapi/";
private static HttpHeaders httpHeaders;
private static RestTemplate restTemplate = new RestTemplate();
private static HttpEntity<String> httpEntity = new HttpEntity(getXSRF());
private static ResponseEntity<String> response;
public static HttpHeaders getXSRF() {
try {
HttpEntity<String> responseEntity = restTemplate.exchange(urlBase, HttpMethod.GET, null, String.class);
CookieManager cookieManager = new CookieManager();
List<String> cookieHeader = responseEntity.getHeaders().get("Set-Cookie");
httpHeaders = new HttpHeaders();
httpHeaders.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));
if (cookieHeader != null) {
for (String cookie : cookieHeader) {
String[] tokens = TextUtils.split(cookie, "=");
if (tokens[0].equals("XSRF-TOKEN")) {
String[] tokenValue = TextUtils.split(tokens[1],";");
httpHeaders.add("X-XSRF-TOKEN", tokenValue[0]);
}
if (tokens[0].equals("JSESSIONID")) {
String[] tokenValue = TextUtils.split(tokens[1],";");
httpHeaders.add("Cookie", "JSSESSIONID="+tokenValue[0]);
}
}
}
} finally {
return httpHeaders;
}
}
public static HttpEntity<String> makeRequest(String uri, HttpMethod method) {
try {
restTemplate.setErrorHandler(new DefaultResponseErrorHandler(){
protected boolean hasError(HttpStatus statusCode) {
return false;
}});
System.out.println(httpEntity.getHeaders());
response = restTemplate.exchange(urlBase + "registrar", HttpMethod.POST, null, String.class);
System.out.println(response.getHeaders());
System.out.println(response.getBody());
} catch (HttpStatusCodeException e) {
e.printStackTrace();
}
return null;
}
}
In my LogCat, I got these results from the System.outs
System.out.println(httpEntity.getHeaders());
{Accept=[application/json], Cookie=[JSSESSIONID=D0D537D4C38D2D69B01BF4F98B540763], X-XSRF-TOKEN=[8c21c671-bba4-4624-ada1-ff1e9e8f2e22]}
System.out.println(response.getHeaders());
{Server=[Apache-Coyote/1.1], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-XSS-Protection=[1; mode=block], X-Frame-Options=[DENY], X-Content-Type-Options=[nosniff], Set-Cookie=[JSESSIONID=7DBA84F6218BC9A8328A97587FC6293A; Path=/webapi/; HttpOnly], Content-Type=[text/html;charset=utf-8], Content-Language=[en], Content-Length=[1073], Date=[Thu, 20 Aug 2015 00:53:46 GMT], X-Android-Sent-Millis=[1440032027763], X-Android-Received-Millis=[1440032027805], X-Android-Response-Source=[NETWORK 403]}
And, the error
System.out.println(response.getBody());
HTTP Status 403 - Expected CSRF token not found. Has your session expired?
I can't figure what I have to do, I'm sending the header correctly, but can't make the post.
UPDATED
I'm think that this error have relation with JSESSIONID, instead of XSRF-TOKEN, someway after my first GET ( to get the XSRF ) the session is getting expired.
Upvotes: 2
Views: 2961
Answers (1)
Lucas Freitas
Reputation: 1038
SOLUTION
As I said, this error is relationed with JSESSIONID.
When I split the JSESSIONID cookie it is losing something that need to make the cookie alive (the path, maybe?)
So, instead of add the cookie like this
httpHeaders.add("Cookie", "JSSESSIONID="+tokenValue[0]);
I've attached it this way
httpHeaders.add("Cookie", cookie);
Making it, I make sure that all content be attached to the new header.
The final method.
public static HttpHeaders getXSRF() {
try {
HttpEntity<String> responseEntity = restTemplate.exchange(urlBase, HttpMethod.GET, null, String.class);
CookieManager cookieManager = new CookieManager();
List<String> cookieHeader = responseEntity.getHeaders().get("Set-Cookie");
httpHeaders = new HttpHeaders();
httpHeaders.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));
if (cookieHeader != null) {
for (String cookie : cookieHeader) {
String[] tokens = TextUtils.split(cookie, "=");
if (tokens[0].equals("XSRF-TOKEN")) {
String[] tokenValue = TextUtils.split(tokens[1],";");
httpHeaders.add("X-XSRF-TOKEN", tokenValue[0]);
}
if (tokens[0].equals("JSESSIONID"))
httpHeaders.add("Cookie", cookie);
}
}
} finally {
return httpHeaders;
}
}
Upvotes: 2
Related Questions
- Java - RestTemplate 405 Method Not Allowed Although Postman Call Works
- Post Request using resttemplate but have 401 unauthorised
- Getting exception when requesting XSRF-TOKEN using Spring RestTemplate
- Status 403 Invalid CSRF token in Post request from Postman
- Spring rest template 401 error response
- Android HttpUrlConnection Cannot Post - Error 403
- Spring Resttemplate login fails
- Android RestTemplate 403 Expected CSRF token not found
- j_spring_security_check resulted in 401 (Android)
- Missing CSRF token in REST request