Reputation: 507
Getting 403 error with GWT+Spring Security
Philosophy of my app came from this article. According to it I made Configuration Class:
@Configuration
public class SpringForGwtConfig {
@Bean
public HandlerMapping simpleUrlHandlerMapping() {
SimpleUrlHandlerMapping simpleUrlHandlerMapping = new SimpleUrlHandlerMapping();
Map<String, Controller> map = new HashMap<>();
map.put("/notes/notes.rpc", notesGwtController());
simpleUrlHandlerMapping.setUrlMap(map);
return simpleUrlHandlerMapping;
}
@Bean
public ServletRegistrationBean gwtServlet() {
return new ServletRegistrationBean(notesGwtController(), "/notes/notes.rpc");
}
@Bean
public NotesGwtController notesGwtController() {
NotesGwtController notesGwtController = new NotesGwtController();
notesGwtController.setRemoteService(notesService());
return notesGwtController;
}
@Bean
public NotesGwtService notesService() {
return new NotesGwtServiceImpl();
}
}
And Controller which uses (i hope so) "Strategy" pattern for encoding and decoding requests to (from) spring dispatcher servlet.
public class NotesGwtController extends RemoteServiceServlet implements Controller, ServletContextAware {
private ServletContext servletContext;
private RemoteService remoteService;
private Class remoteServiceClass;
@Override
public ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response) throws Exception {
super.doPost(request, response);
return null;
}
@Override
public String processCall(String payload) throws SerializationException {
try {
RPCRequest rpcRequest = RPC.decodeRequest(payload, this.remoteServiceClass);
// delegate work to the spring injected service
return RPC.invokeAndEncodeResponse(this.remoteService, rpcRequest.getMethod(), rpcRequest.getParameters());
} catch (IncompatibleRemoteServiceException exception) {
getServletContext()
.log(
"An IncompatibleRemoteServiceException was thrown while processing this call.",
exception
);
return RPC.encodeResponseForFailure(null, exception);
}
}
@Override
public ServletContext getServletContext() {
return servletContext;
}
@Override
public void setServletContext(ServletContext servletContext) {
this.servletContext = servletContext;
}
public void setRemoteService(RemoteService remoteService) {
this.remoteService = remoteService;
this.remoteServiceClass = this.remoteService.getClass();
}
}
So I have security controller, which maps ("/notes") and render it (thanks to thymeleaf) to localhost:8080/notes.html. And page returns. It's cool. But when I open console in browser, it contains this error: POST http://localhost:8080/notes/notes/notes.rpc 403 () This error doesnt let me to do async requests to gwt RPC service.
In my security configuration I added mapping:
http
.authorizeRequests()
.antMatchers("/").access("hasRole('ROLE_USER') or hasRole('ROLE_ADMIN')")
.antMatchers("/api/**").access("hasRole('ROLE_ADMIN')")
.antMatchers("/notes").authenticated()
.antMatchers("/notes/notes.rpc").anonymous()
But the error hasn't gone. So the question is "why is that?" and "May be "my" philosophy not so well?"
Upvotes: 1
Views: 378
Answers (1)
Reputation: 507
I solved it. Only thing I had to do is disable csrf. Security enables it by default,
Upvotes: 1
Related Questions
- Spring security always returns HTTP 403
- Spring security + JWT 403 forbidden error
- How to resolve 403 on spring security JWT authentication for public resources
- Spring Security Always returning 403 forbidden, Access denied
- Spring Boot Security + GWT, static resources access 403 error
- Get HTTP status 404 for /j_spring_security_check with GWT
- Spring security is giving 403 inspite of right credentials
- 403 - Access is denied after authenticating
- GWT - Spring security url intercepting
- Spring Security method authorization not working