I've just added Spring Security to my project and enabled CSRF protection. The problem is that, I think, all POST requests to my REST API (Spring) are now blocked by Spring Security.
This is my Spring Security config:
<!-- Spring Security namespace configuration: role-based URL rules, form login, logout and CSRF protection. -->
<context:annotation-config/>
<!-- use-expressions="true" lets the access attributes below use expressions such as hasRole(...) -->
<http auto-config="true" use-expressions="true">
<!-- Adds Spring Security's cache-control response headers so that responses are not cached by the browser. -->
<headers>
<cache-control />
</headers>
<!-- Role-based URL rules. Only these two patterns are restricted in this snippet; there is no
     catch-all rule, so a URL that matches neither of them (for example /maps/api/user/register,
     which is used later on this page) is not access-controlled by these rules. -->
<!-- NOTE(review): in Ant-style patterns "**" spans path segments only when it is a segment of its
     own, as in "/user/**". Written as "/user**" it presumably matches a single segment that starts
     with "user" (which would include /user-login, the login page) and not /user/...; the same
     applies to "/maps/api/admin**". Confirm which URLs are meant to be protected. -->
<intercept-url pattern="/maps/api/admin**" access="hasRole('ROLE_ADMIN')"/>
<intercept-url pattern="/user**" access="hasRole('ROLE_USER')"/>
<!-- access denied page: authenticated users without the required role are sent to /403 -->
<access-denied-handler error-page="/403"/>
<!-- Form login: credentials are POSTed to /login/processing as the "username" and "password"
     parameters; the outcome is delegated to the successHandler / failureHandler beans, which are
     defined outside this snippet. -->
<form-login
login-processing-url="/login/processing"
login-page="/user-login"
default-target-url="/"
authentication-failure-url="/user-login"
username-parameter="username"
password-parameter="password"
authentication-success-handler-ref="successHandler"
authentication-failure-handler-ref="failureHandler"/>
<!-- Logout: redirects to /maps/api/user-login?logout and deletes the JSESSIONID cookie.
     NOTE(review): with CSRF protection enabled, Spring Security by default accepts logout only as
     a POST that carries the token; confirm the client does that. -->
<logout logout-success-url="/maps/api/user-login?logout" delete-cookies="JSESSIONID"/>
<!-- enable csrf protection: state-changing requests (POST, PUT, DELETE and so on) must carry a
     valid token, which Spring Security reads by default from the "_csrf" parameter or the
     "X-CSRF-TOKEN" header. A missing or invalid token is expected to be rejected as access denied
     (HTTP 403), not as a content-negotiation error. -->
<csrf/>
</http>
I have a custom authentication success handler, and the POST for authentication works well.
This is how I send my POST for authentication (in Angular):
// Request config for the AngularJS $http call that submits the login form.
// The URL is the login-processing-url from the Spring Security config shown on this page.
var req = {
method: 'POST',
url: '/login/processing',
headers: {
// Form-encoded body, matching the serialized form passed as `data` below.
'Content-Type': "application/x-www-form-urlencoded",
// NOTE(review): Upgrade-Insecure-Requests is normally attached by the browser to navigation
// requests; setting it by hand has no bearing on CSRF or authentication and can probably be dropped.
'Upgrade-Insecure-Requests': "1",
// CSRF token read (via jQuery) from the hidden "_csrf" input of the rendered page and sent in
// the X-CSRF-TOKEN header. If no such input exists, .val() is undefined and the request
// presumably goes out without a usable token, so the server would reject it.
'X-CSRF-TOKEN': $('input[name="_csrf"]').val()
},
// URL-encoded fields of obj.target (presumably the submitted form element; confirm).
data: $(obj.target).serialize()
}
// NOTE(review): .success/.error are legacy $http helpers (removed in AngularJS 1.6); .then(...) is
// the lasting form.
$http(req)
.success(function(data, status, headers, config){
blab bla bla
})
.error(function(data){
// NOTE(review): this shows the raw server error payload to the user; a generic message plus
// logging avoids exposing server details in the UI.
alert( "Exception details: " + JSON.stringify({data: data}));
});
This is an example of another POST request that I send to retrieve data from a Spring REST API controller:
// Registration payload: the e-mail address is sent as "username" together with the chosen password.
// NOTE(review): the credentials travel in the request body; confirm this endpoint is only
// reachable over HTTPS.
var formData = {
"username" : $scope.registerUser.email,
"password" : $scope.registerUser.password
};
// Request config for the AngularJS $http call to the registration endpoint.
var req = {
method: 'POST',
url: '/maps/api/user/register',
headers: {
// CSRF token read (via jQuery) from the hidden "_csrf" input of the rendered page; required
// for this POST because CSRF protection is enabled in the Spring Security config.
'X-CSRF-TOKEN': $('input[name="_csrf"]').val(),
//'Content-Type': "application/x-www-form-urlencoded"
// Content-Type describes the format of the request body only. The formats the client accepts in
// the response are governed by the Accept header, which is not set here, so the $http default
// applies.
'Content-Type': 'application/json'
},
data: formData
}
$http(req)
.success(function(data, status, headers, config){
blaaaaaaaa
})
.error(function(data, status, headers, config){
// `status` is available here; a 403 would point to a CSRF or authorization rejection, while a
// 406 points to response content negotiation.
alert( "Exception details: " + JSON.stringify({data: data}));
});
and I get this error:
The resource identified by this request is only capable of generating responses with characteristics not acceptable according to the request "accept" headers.
but I actually have 'Content-Type': 'application/json'
as the "accept" header, and the controller also returns a JSON object.
Can anyone help?
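What is your Spring version? The quoted message is an HTTP 406 (Not Acceptable) response, which comes from content negotiation rather than from CSRF protection; a rejected CSRF token would produce a 403 instead. If your Spring version is 4.1.*, add the following jars to your pom.xml so that a JSON message converter is available: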
<!-- Jackson JSON libraries. With jackson-databind on the classpath, Spring MVC can register its
     JSON message converter and produce application/json responses. -->
<!-- NOTE(review): the versions below are the ones given in this answer. Older jackson-databind
     releases have had deserialization security advisories; prefer a currently maintained release
     and keep the Jackson artifacts on matching versions. -->
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
<version>2.4.1</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.4.1.1</version>
</dependency>
Or add
headers = "Accept=*/*", produces = "application/json"
to your controller mapping.