我正在通过 XML 配置将 Spring Security 与 AngularJS 结合使用，但遇到了与 CSRF 令牌相关的错误

时间:2015-05-26 11:42:24

标签: java xml angularjs spring

      // login is done from index.jsp with the Spring form tag; REST calls go through the Angular MVC layer
      // route.js

        // Root Angular module: ngResource for REST calls, ngRoute for client-side routing.
        var leavemanagement = angular.module('leavemanagement', ['ngResource', 'ngRoute']);

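        leavemanagement.config(function ($routeProvider, $httpProvider) {
            // Angular's $http XSRF support: read the token from the cookie named below and
            // echo it in this header on every state-changing request. Both names must agree
            // with the server side: the header must equal the CSRF repository's headerName in
            // security.xml, and the cookie must be one the server actually issues.
            // HttpSessionCsrfTokenRepository (the repository in security.xml) keeps the token in
            // the HTTP session and sets no cookie, so this header is never populated unless the
            // server is also made to expose the token in a 'CSRF-TOKEN' cookie.
            $httpProvider.defaults.xsrfHeaderName = 'X-CSRF-TOKEN';
            $httpProvider.defaults.xsrfCookieName = 'CSRF-TOKEN';

            // ngRoute matches paths against $location.path(), which always begins with '/';
            // the original 'leavePolicyDetails' (no leading slash) could never match.
            $routeProvider
                .when('/leavePolicyDetails', {
                    templateUrl: "./resources/leave-management-angular-src/partials/leave_policy_details.html",
                    controller: 'admincontroller'
                })
                .when('/setLeavePolicy', {
                    templateUrl: "./resources/leave-management-angular-src/partials/leave_policy.html",
                    controller: 'admincontroller'
                });
        });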

        leavemanagement.run(function ($location, adminService) {
            // Intentionally empty. An earlier auto-login on /successLogin (a call to
            // adminService.login with literal credentials) is disabled; any post-login
            // redirect belongs in the server-side authentication success handler, not here.
        });


     //   security.xml configuration (Spring 4.0.1) — please take a look

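        <?xml version="1.0" encoding="UTF-8"?>
        <beans xmlns="http://www.springframework.org/schema/beans"
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xmlns:context="http://www.springframework.org/schema/context"
            xmlns:security="http://www.springframework.org/schema/security"
            xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
            http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
            http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">

            <!-- Root Context: defines shared resources visible to all other web components -->
            <context:property-placeholder location="classpath:*.properties" />
            <context:annotation-config />
            <context:component-scan base-package="com.agami.leavemanagement.*" />
            <import resource="./appServlet/servlet-context.xml" />

            <!-- CSRF token repository. headerName must equal the header route.js sends
                 ($httpProvider.defaults.xsrfHeaderName = 'X-CSRF-TOKEN'). It was X-XSRF-TOKEN,
                 and the bean was never referenced from <security:csrf>, so the default
                 repository was silently used in its place.
                 NOTE(review): HttpSessionCsrfTokenRepository stores the token in the HttpSession
                 and writes no cookie, so Angular's cookie-based XSRF (xsrfCookieName =
                 'CSRF-TOKEN') has nothing to send and non-GET requests such as POST
                 /storeLeaveType are rejected with 403. The token must also be exposed to the
                 client: a filter that copies CsrfToken into a 'CSRF-TOKEN' cookie, or
                 CookieCsrfTokenRepository where the Spring Security version in use provides it. -->
            <bean id="csrfTokenRepository"
                class="org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository">
                <property name="headerName" value="X-CSRF-TOKEN" />
            </bean>
            <bean id="authenticationHandller"
                class="com.agami.leavemanagement.service.AuthenticationHandller">
            </bean>
            <security:http auto-config="true" use-expressions="true"
                authentication-manager-ref="autManager">
                <security:intercept-url pattern="/" access="permitAll" />
                <security:intercept-url pattern="/successLogin"
                    access="hasAnyRole('ROLE_USER','ROLE_ADMIN','ROLE_PROMANAGER')" />
                <security:intercept-url pattern="/user"
                    access="hasRole('ROLE_USER')" />
                <!-- NOTE(review): none of the rules above matches the application's other
                     endpoints (e.g. /storeLeaveType); in the security namespace a URL with no
                     matching intercept-url gets no access check at all. Consider a final
                     catch-all such as pattern="/**" access="isAuthenticated()", placed after
                     permitAll rules for the login page and the static Angular resources. -->
                <security:form-login login-page="/"
                    login-processing-url="/login" username-parameter="username"
                    password-parameter="password" authentication-failure-url="/index?error=true"
                    authentication-success-handler-ref="authenticationHandller" />
                <security:session-management>
                    <security:concurrency-control
                        max-sessions="1" error-if-maximum-exceeded="true" />
                </security:session-management>
                <security:logout invalidate-session="true"
                    logout-success-url="/" delete-cookies="JSESSIONID" logout-url="/logout" />
                <security:access-denied-handler
                    error-page="/error" />
                <!-- Wire the repository defined above; without token-repository-ref the
                     <property name="headerName"> setting had no effect. -->
                <security:csrf token-repository-ref="csrfTokenRepository" />

            </security:http>

            <security:authentication-manager id="autManager">
                <security:authentication-provider>
                    <security:jdbc-user-service
                        data-source-ref="dataSource"
                        users-by-username-query="select 
                        username,password,enabled from users where username=?"
                        authorities-by-username-query="select 
                        username,authority from Authorities where username=?" />
                </security:authentication-provider>
            </security:authentication-manager>

        </beans>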

       // login.jsp using the 'form' tag, with the CSRF token included


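        <%@ page language="java" contentType="text/html; charset=UTF-8"
            pageEncoding="UTF-8"%>
        <%@taglib uri="http://www.springframework.org/tags/form" prefix="form"%>
        <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
        <%-- Login page served by Spring Security form-login (login-page="/" in security.xml).
             The form POSTs to login-processing-url="/login"; the request parameters are named
             "username" and "password", which is what the path attributes of form:input and
             form:password emit and what username-parameter / password-parameter expect. --%>
        <!DOCTYPE html>
        <html lang="en">
        <head>
        <meta charset="UTF-8">
        <title>Leave Management</title>
        <meta http-equiv="Pragma" content="no-cache">
        <meta http-equiv="Cache-Control" content="no-cache">
        <meta http-equiv="Expires" content="Sat, 01 Dec 2001 00:00:00 GMT">
        </head>
        <body>

            <div class="row vertical-offset-100 login-space">
                <div
                    class="col-lg-4 col-sm-8 col-xs-8 col-md-offset-2 col-lg-offset-4 col-sm-offset-2 col-xs-offset-2">
                    <div class="panel panel-default login-panel">
                        <div class="panel-heading login-panel-heading">
                            <div class="row-fluid user-row">
                                <%-- authentication-failure-url="/index?error=true" sets this parameter --%>
                                <c:if test="${not empty param.error}">
                                    <h1 class="login_txt" style="color: red">Bad Credentials</h1>
                                </c:if>

                                <h1 class="login_txt">Login Form</h1>
                            </div>
                        </div>
                        <div class="panel-body">
                            <c:url var="loginUrl" value="/login"></c:url>
                            <form:form method="POST" action="${loginUrl}" commandName="user"
                                role="form" class="form-signin">
                                <fieldset>
                                    <label class="panel-login">
                                        <div class="login_result"></div>
                                    </label>
                                    <%-- The legacy name='j_username' / name='j_password' attributes were
                                         removed: the tags already emit name from path, so the extra
                                         attribute only produced a duplicate name that conflicted with
                                         the parameter names configured in security.xml. --%>
                                    <form:input path="username"
                                        class="form-control transparent-input" placeholder="Username"
                                        id="username" autocomplete="username" />
                                    <form:password path="password"
                                        class="form-control transparent-input" placeholder="Password"
                                        id="password" autocomplete="current-password" />

                                    <p class="keeplogin">
                                        <a id="pwd" href="forgotPwd"
                                            title="if you are a normal user or project Manager contact to admin"><span
                                            class="forget_pwd">Forget Password</span></a>
                                        <%-- _csrf is exposed by <security:csrf/>; the login POST is
                                             rejected with 403 without this field. --%>
                                        <input type="hidden" name="${_csrf.parameterName}"
                                            value="${_csrf.token}">
                                        <input
                                            class="btn btn-lg btn-success btn-block login-btn"
                                            type="submit" id="login" value="Login">
                                    </p>
                                </fieldset>
                            </form:form>
                        </div>
                    </div>
                </div>
            </div>
        </body>
        </html>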

“NetworkError: 403 Forbidden - http://localhost:8080/leavemanagement/storeLeaveType” 我认为出现此错误是因为我无法在 Angular 端设置 CSRF 令牌。我在 Google 上搜索了很久但没有找到答案，希望能在这里得到解答。谢谢。

1 个答案:

答案 0 :(得分:0)

我相信您需要在 JSP 中包含 Spring MVC 的安全标签。这样会设置令牌，使后续请求带上安全凭证。我有使用 Angular 和 Spring MVC 的经验，如果这仍然是个问题，我可以贴一些示例代码。这个帖子已经超过一个月了，所以我不确定您是否还有此问题。