java - Using Jersey to get a CSRF token through REST and use it in a login -

-

using jersey 2.19, how csrf token server uses spring security 3 , make successful login? have 2 projects, client uses rest, , server created using jhipster.

first, i'm making request http://localhost:8080 , i'm getting response headers:

cache-control:no-cache, no-store, max-age=0, must-revalidate content-language:en content-length:17229 content-type:text/html;charset=utf-8 date:tue, 21 jul 2015 19:24:40 gmt expires:0 last-modified:thu, 02 jul 2015 17:07:31 gmt pragma:no-cache server:apache-coyote/1.1 set-cookie:csrf-token=0902449b-bac7-43e8-bf24-9ec2c1faa48b; path=/ x-application-context:application:dev:8081 x-content-type-options:nosniff x-xss-protection:1; mode=block

i extract set-cookie header , csrf token there. i'm making post request way:

http://localhost:8080/api/authentication?j_username=user&j_password=user&submit=login

with request headers:

content-type: application/x-www-form-urlencoded x-csrf-token: <extracted token>

using chrome's plugin postman, can make correct post request login, jersey, i'm unable send correctly csrf token (i 403 response).

this response:

{"timestamp":1437507680089,"status":403,"error":"forbidden","message":"expected csrf token not found. has session expired?","path":"/api/authentication"}

this jersey code:

webtarget hosttarget = getclient().target("http://localhost:8080");  response r = hosttarget.request().get(); string header = r.getheaderstring("set-cookie"); string csrf = null;  list<httpcookie> cookies = httpcookie.parse(header);  (httpcookie c : cookies) {     if("csrf-token".equals(c.getname())){         csrf = c.getvalue();         break;     } }  webtarget logintarget = hosttarget.path("/api/authentication"); logintarget = logintarget.queryparam("j_username", username)     .queryparam("j_password", password)     .queryparam("submit", "login");  builder req = logintarget.request(mediatype.application_json_type); if (csrf != null) {     req = req.header("x-csrf-token", csrf); }  response cr = req.post(entity.entity(null,         mediatype.application_form_urlencoded_type));  system.out.println("response: " + cr.readentity(string.class));

thanks time.

after trial , error, found solution. important take in count cookies (as indicated roman vottner) rest configuration communicate spring security. important cookie must present jsessionid , header x-csrf-token (or whatever header name configured in server), capture them in initial request , send them again.

i've decided send cookies server in way.

webtarget hosttarget = getclient().target("http://localhost:8080");  response r = hosttarget.request().get(); string headercookies = r.getheaderstring("set-cookie");  map<string, newcookie> cookies = r.getcookies(); string csrf = cookies.get("csrf-token").getvalue();  webtarget logintarget = hosttarget.path("/api/authentication"); logintarget = logintarget.queryparam("j_username", username)     .queryparam("j_password", password)     .queryparam("submit", "login");  builder req = logintarget.request(mediatype.application_json_type); req = req.header("cookie", headercookies);  if (csrf != null) {     req = req.header("x-csrf-token", csrf); }  response cr = req.post(entity.entity(null,         mediatype.application_form_urlencoded_type));  //the response empty (in case) status code 200 system.out.println("response: " + cr.readentity(string.class));

Comments

Post a Comment

Popular posts from this blog

python - Healpy: From Data to Healpix map -

-
Image
i have data grid rows represent theta (0, pi) , columns represent phi (0, 2*pi) , f(theta,phi) density of dark matter @ location. wanted calculate power spectrum , have decided use healpy. what can not understand how format data healpy use. if provide code (in python obvious reasons) or point me tutorial, great! have tried hand @ doing following code: #grid dimensions nrows*ncols (subject change) theta = np.linspace(0, np.pi, num=grid.shape[0])[:, none] phi = np.linspace(0, 2*np.pi, num=grid.shape[1]) nside = 512 print "pixel area: %.2f square degrees" % hp.nside2pixarea(nside, degrees=true) pix = hp.ang2pix(nside, theta, phi) healpix_map = np.zeros(hp.nside2npix(nside), dtype=np.double) healpix_map[pix] = grid but, when try execute code power spectrum. specifically, : cl = hp.anafast(healpix_map[pix], lmax=1024) i error: typeerror: bad number of pixels if point me tutorial or edit code great. more specifications: data in 2d np array , can change numrows/...
Read more

c - Bitwise operation with (signed) enum value -

-
i using enumerator values flags: typedef enum { = 0x00, b = 0x01u, // u has no influence, expected c = 0x02u, // u has no influence, expected ... } enum_name; volatile unsigned char* reg = someaddress; *reg |= b; according misra-c:2004 bitwise operations shall not done signed type. unfortunately, compiler iar use signed int (or short or char) underlying type of enums, , option can find relates size, not signedness ("--enum-is-int"). according iar c/c++ development guide arm , pages 169 , 211, can define type of enum s if enable iar language extensions ( -e command-line option, or project > options > c/c++ compiler > language > allow iar extensions in ide). in particular, should define "sentinel" value, make sure compiler chooses correct type. prefers signed types, , uses smallest possible integer type, sentinel should largest positive integer corresponding unsigned integer type can describe. example, typedef enum ...
Read more

xslt - Unnest parent nodes by child node -

-
in xml there items 0-n attributes , item should copied each attribute new item 1 attribute. given xml this: <?xml version="1.0" encoding="utf-8" ?> <items> <item> <name>a</name> <attributes> <attribute> <key>attribute1</key> <value>1</value> </attribute> </attributes> </item> <item> <name>b</name> </item> <item> <name>c</name> <attributes> <attribute> <key>attribute1</key> <value>5</value> </attribute> <attribute> <key>attribute2</key> <value>2</value> </attribute> <attribute> <key>attri...
Read more