Getting a 403 error with GWT + Spring Security

Time: 2017-07-27 07:25:11

Tags: gwt spring-security

The philosophy of my app comes from this article. Following it, I made a configuration class:

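import java.util.HashMap;
import java.util.Map;

import org.springframework.boot.web.servlet.ServletRegistrationBean; // package as of Spring Boot 1.4+
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.HandlerMapping;
import org.springframework.web.servlet.handler.SimpleUrlHandlerMapping;
import org.springframework.web.servlet.mvc.Controller;

@Configuration
public class SpringForGwtConfig {

    // Maps the GWT-RPC URL onto the controller inside the Spring dispatcher servlet
    @Bean
    public HandlerMapping simpleUrlHandlerMapping() {
        SimpleUrlHandlerMapping simpleUrlHandlerMapping = new SimpleUrlHandlerMapping();
        Map<String, Controller> map = new HashMap<>();
        map.put("/notes/notes.rpc", notesGwtController());
        simpleUrlHandlerMapping.setUrlMap(map);
        return simpleUrlHandlerMapping;
    }

    // Registers the same controller as a servlet on the RPC path
    @Bean
    public ServletRegistrationBean gwtServlet() {
        return new ServletRegistrationBean(notesGwtController(), "/notes/notes.rpc");
    }

    @Bean
    public NotesGwtController notesGwtController() {
        NotesGwtController notesGwtController = new NotesGwtController();
        notesGwtController.setRemoteService(notesService());
        return notesGwtController;
    }

    @Bean
    public NotesGwtService notesService() {
        return new NotesGwtServiceImpl();
    }
}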

And the Controller uses (I hope) the "strategy" pattern to encode and decode requests (coming from) the Spring dispatcher servlet.

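import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.web.context.ServletContextAware;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.Controller;

import com.google.gwt.user.client.rpc.IncompatibleRemoteServiceException;
import com.google.gwt.user.client.rpc.RemoteService;
import com.google.gwt.user.client.rpc.SerializationException;
import com.google.gwt.user.server.rpc.RPC;
import com.google.gwt.user.server.rpc.RPCRequest;
import com.google.gwt.user.server.rpc.RemoteServiceServlet;

public class NotesGwtController extends RemoteServiceServlet implements Controller, ServletContextAware {
    private ServletContext servletContext;
    private RemoteService remoteService;
    private Class remoteServiceClass;

    // Entry point from the Spring dispatcher: hand the request to the GWT-RPC servlet logic
    @Override
    public ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response) throws Exception {
        super.doPost(request, response);
        return null;
    }

    @Override
    public String processCall(String payload) throws SerializationException {
        try {
            RPCRequest rpcRequest = RPC.decodeRequest(payload, this.remoteServiceClass);
            // delegate work to the spring injected service
            return RPC.invokeAndEncodeResponse(this.remoteService, rpcRequest.getMethod(), rpcRequest.getParameters());

        } catch (IncompatibleRemoteServiceException exception) {
            getServletContext()
                    .log(
                            "An IncompatibleRemoteServiceException was thrown while processing this call.",
                            exception
                    );
            return RPC.encodeResponseForFailure(null, exception);
        }
    }

    @Override
    public ServletContext getServletContext() {
        return servletContext;
    }

    @Override
    public void setServletContext(ServletContext servletContext) {
        this.servletContext = servletContext;
    }

    public void setRemoteService(RemoteService remoteService) {
        this.remoteService = remoteService;
        this.remoteServiceClass = this.remoteService.getClass();
    }
}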

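So I have a secured controller that maps ("/notes") and renders it (thanks to thymeleaf) to localhost:8080/notes.html. The page is returned. That's cool. But when I open the console in the browser, it contains the following error:

POST http://localhost:8080/notes/notes/notes.rpc 403 ()

This error prevents me from making asynchronous requests to the GWT RPC service.

In my security configuration, I added the mappings: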

        http
            .authorizeRequests()
            .antMatchers("/").access("hasRole('ROLE_USER') or hasRole('ROLE_ADMIN')")
            .antMatchers("/api/**").access("hasRole('ROLE_ADMIN')")
            .antMatchers("/notes").authenticated()
            .antMatchers("/notes/notes.rpc").anonymous()

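But the error did not go away. So the questions are "why does this happen?" and "maybe 'my' philosophy is not so good?"

1 answer:

Answer 0: (score: 1)

I solved it. The only thing I had to do was disable csrf. Security enables it by default,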
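
An alternative that keeps CSRF protection enabled for the RPC endpoint, shown as an added example that is not part of the original question or answer: Spring Security publishes the token in a cookie and the GWT client echoes it back as a header on every RPC POST. It assumes Spring Security 4.1+ and a GWT client; `SecurityConfig`, `CsrfRpcRequestBuilder` and `NotesGwtServiceAsync` are hypothetical names, and the two classes belong in separate source files.

```java
// ---- Server side: SecurityConfig.java (hypothetical class name) ----
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // CSRF stays on. The token is written to the XSRF-TOKEN cookie with
        // HttpOnly=false so client script can read it, and Spring Security
        // expects it back in the X-XSRF-TOKEN request header.
        http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
        // The authorizeRequests() rules from the question go here unchanged.
    }
}

// ---- Client side: CsrfRpcRequestBuilder.java (hypothetical, GWT client package) ----
import com.google.gwt.http.client.RequestBuilder;
import com.google.gwt.user.client.Cookies;
import com.google.gwt.user.client.rpc.RpcRequestBuilder;

public class CsrfRpcRequestBuilder extends RpcRequestBuilder {
    @Override
    protected void doFinish(RequestBuilder rb) {
        super.doFinish(rb); // keep the standard GWT-RPC headers
        // The cookie is set when the host page (notes.html) is first served.
        String token = Cookies.getCookie("XSRF-TOKEN");
        if (token != null) {
            rb.setHeader("X-XSRF-TOKEN", token);
        }
    }
}

// Wiring, done once where the async proxy is created
// (NotesGwtServiceAsync is the assumed name of the async interface):
//   NotesGwtServiceAsync service = GWT.create(NotesGwtService.class);
//   ((ServiceDefTarget) service).setRpcRequestBuilder(new CsrfRpcRequestBuilder());
```

A POST to `/notes/notes.rpc` without a matching header is still rejected with 403, so the check remains in force for requests that do not originate from the application's own page.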