JBrown521

Reputation: 172

Controller redirect leads to error 403 'Type=Forbidden'

I'm setting up a server-based website for a uni project, and I'm having an issue when it comes to adding a new user, which will add a user to the database, and then redirect the user to the profile page. But when I submit the form it triggers a 403 error, which from the reading I've done seems to indicate it's not able to access the page for whatever reason.

I'm fairly confident it's not to do with my security configuration (Directory "src/java/pokedex/config/securityConfig.java"), though I'll add it in case:

package pokedex.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class securityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
    }
}

The other links in the file seem to work, and I can access the profile page from the nav bar, it's just the redirect that's causing issues.

This is the (I think) relevant code for the controller (Directory "src/java/pokedex/controllers/RegistrationController.java"):

    public String processRegistration(User user) {
        registrationService.addUser(user);
        return "redirect:/profile";
    }

    @RequestMapping(value = "/profile")
    public ModelAndView showProfile() {

        return new ModelAndView("/profile", "user",
                registrationService.getCurrentUser() != null
                        ? registrationService.getCurrentUser()
                        : new User("John", "Doe", "[email protected]", "password"));
    }

With registrationService's implementation (Directory "src/java/pokedex/services/RegistrationServiceImpl.java") being provided by:

package pokedex.services;

import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import pokedex.dao.UserRepository;
import pokedex.entities.User;

@Service
public class RegistrationServiceImpl implements RegistrationService {

    private UserRepository userRepository;
    private User currentUser;

    @Autowired
    public RegistrationServiceImpl(UserRepository userRepository) {
        this.userRepository = userRepository;

        userRepository.save(new User("john", "doe", "[email protected]", "password"));
    }

    @Override
    public List<User> getUsers() {
        return userRepository.findAll();
    }

    @Override
    public void addUser(User user) {
        currentUser = user;
        userRepository.save(user);
    }

    @Override
    public User getCurrentUser() {
        return currentUser;
    }

    @Override
    public int getNumberOfUsers() {
        return (int) userRepository.count();
    }
}

As for the pages, the profile page directory is "src/resources/templates/profile.html" and the registration page is "src/resources/templates/register.html".

The part that could be causing the issue in profile is:

<article>
        <section class="profile">
            <fieldset>
                <legend>User Information</legend>
                <table>
                    <tr>
                        <td><label>Name:</label></td>
                        <td th:text="${user.firstName} ?: 'John'">John</td>
                        <td th:text="${user.lastName} ?: 'Doe'">Doe</td>
                    </tr>
                </table>
                <table>
                    <tr>
                        <td><label>Email:</label></td>
                        <td th:text="${user.email} ?: '[email protected]'">[email protected]</td>
                    </tr>
                </table>
            </fieldset>
        </section>
    </article>

While the registration portion in register is:

<article>
        <section class="registration">
            <form action="/register" method="post" th:object="${user}">
                <fieldset>
                    <legend>User Information</legend>
                    <table>
                        <tr>
                            <td><label>First name:</label></td>
                            <td><input type="text" th:field="*{firstName}"/></td>
                        </tr>
                        <tr>
                            <td><label>Last name:</label></td>
                            <td><input type="text" th:field="*{lastName}"/></td>
                        </tr>
                        <tr>
                            <td><label>Email:</label></td>
                            <td><input type="email" th:field="*{email}"/></td>
                        </tr>
                        <tr>
                            <td><label>Password:</label></td>
                            <td><input type="password" th:field="*{password}"/></td>
                        </tr>
                        <tr>
                            <td></td>
                            <td><input type="submit" value="register"/></td>
                        </tr>
                    </table>
                </fieldset>
            </form>
        </section>
    </article>

That's what I've managed to club together on my own, and where I think the issues may lie, if anyone has any suggestions or wants to see more code I'm happy to provide.

I did notice whilst I was uploading this that the IDE (IntelliJ IDEA) was saying it wasn't recognising the user fields (?) in profile, but it doesn't have that issue for other objects, but as far as I can tell they're functionally identical so that might be a bust.

If anyone could point me in the right direction for getting rid of the error I'd appreciate that a lot.

Upvotes: 0

Views: 170

Answers (1)

JBrown521

Reputation: 172

Okay, so it seems this was yet another incident to add to the "read 5 minutes into the lecture" book. It turns out it was the security; a (simple) fix was to add:

http.csrf().disable();
http.headers().frameOptions().disable();

to the HttpSecurity configure method.

Upvotes: 1
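An added example, not part of the original question or answer: Spring Security enables CSRF protection by default, so a POST with no token is answered with 403, and a Thymeleaf form only receives the hidden `_csrf` field when it uses `th:action`. The test below checks both behaviours with the protection left on. It assumes Spring Boot with `spring-boot-starter-test` and `spring-security-test` on the test classpath, and that `processRegistration` is mapped to `POST /register`; the class name `RegistrationCsrfTest` and the form values are constructed for illustration.

```java
package pokedex;

import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.web.servlet.MockMvc;

import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

// Assumption: securityConfig is left as posted in the question (CSRF enabled by default).
//
// Template change in register.html so Thymeleaf emits the hidden _csrf input:
//   <form th:action="@{/register}" method="post" th:object="${user}">
@SpringBootTest
@AutoConfigureMockMvc
class RegistrationCsrfTest {

    @Autowired
    private MockMvc mockMvc;

    // A POST that carries no CSRF token is rejected before it reaches the controller.
    @Test
    void postWithoutTokenIsForbidden() throws Exception {
        mockMvc.perform(post("/register")
                        .param("firstName", "Ada")          // constructed sample values
                        .param("lastName", "Lovelace")
                        .param("email", "ada@example.test")
                        .param("password", "constructed-sample"))
                .andExpect(status().isForbidden());
    }

    // The same POST with a valid token reaches processRegistration and redirects.
    @Test
    void postWithTokenRedirectsToProfile() throws Exception {
        mockMvc.perform(post("/register")
                        .with(csrf())                        // adds a valid _csrf parameter
                        .param("firstName", "Ada")
                        .param("lastName", "Lovelace")
                        .param("email", "ada@example.test")
                        .param("password", "constructed-sample"))
                .andExpect(status().is3xxRedirection())
                .andExpect(redirectedUrl("/profile"));
    }
}
```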
