Java 使用入站网关POST方法获取403-Spring集成
所以我一直在尝试使用SpringIntegrationInboundGateway将一些数据发布到web服务。GET方法很好用。所以我试着用POST,我在传递一些字符串。并试图得到一个简单的字符串。您可以检查测试服务。但每次我尝试运行测试用例时,都会出现403错误。我已经检查了Spring的安全性和其他方面,但是我无法理解这一点。我在谷歌上搜索了大约两天,但对此一无所知 您可以查看link,看看我的其他函数,它们是GET方法,工作正常。我有这个问题只与邮政!所以请帮助我知道我的代码有什么问题 My integration.xml是:Java 使用入站网关POST方法获取403-Spring集成,java,spring,spring-integration,Java,Spring,Spring Integration,所以我一直在尝试使用SpringIntegrationInboundGateway将一些数据发布到web服务。GET方法很好用。所以我试着用POST,我在传递一些字符串。并试图得到一个简单的字符串。您可以检查测试服务。但每次我尝试运行测试用例时,都会出现403错误。我已经检查了Spring的安全性和其他方面,但是我无法理解这一点。我在谷歌上搜索了大约两天,但对此一无所知 您可以查看link,看看我的其他函数,它们是GET方法,工作正常。我有这个问题只与邮政!所以请帮助我知道我的代码有什么问题 M
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/integration http://www.springframework.org/schema/integration/spring-integration.xsd
http://www.springframework.org/schema/integration/http http://www.springframework.org/schema/integration/http/spring-integration-http.xsd
http://www.springframework.org/schema/oxm http://www.springframework.org/schema/oxm/spring-oxm.xsd"
xmlns:int="http://www.springframework.org/schema/integration"
xmlns:oxm="http://www.springframework.org/schema/oxm"
xmlns:int-http="http://www.springframework.org/schema/integration/http">
<int:annotation-config/>
<bean class="org.springframework.web.servlet.view.ContentNegotiatingViewResolver">
<property name="order" value="1" />
<property name="contentNegotiationManager">
<bean class="org.springframework.web.accept.ContentNegotiationManagerFactoryBean">
<property name="defaultContentType" value="application/json"/>
<property name="favorParameter" value="true"/>
<property name="ignoreAcceptHeader" value="true" />
<property name="mediaTypes">
<map>
<entry key="json" value="application/json" />
<entry key="xml" value="application/xml" />
</map>
</property>
</bean>
</property>
<property name="defaultViews">
<list>
<bean
class="org.springframework.integration.samples.rest.json.view.ExtendedMappingJacksonJsonView" >
<property name="objectMapper" ref="jaxbJacksonObjectMapper"/>
</bean>
<bean class="org.springframework.web.servlet.view.xml.MarshallingView">
<constructor-arg ref="marshaller"/>
</bean>
</list>
</property>
</bean>
<int:channel id="orderRequestChannel" />
<int:channel id="orderResponseChannel" />
<int-http:inbound-gateway id="inboundOrderRequestGateway"
supported-methods="POST"
request-channel="orderRequestChannel"
reply-channel="orderResponseChannel"
view-name="/order"
path="/order/view"
request-payload-type="java.lang.String"
reply-timeout="50000">
</int-http:inbound-gateway>
<int:service-activator id="orderGatewayActivator"
input-channel="orderRequestChannel"
output-channel="orderResponseChannel"
ref="testService"
method="createOrder"
requires-reply="true"
send-timeout="60000" />
<oxm:jaxb2-marshaller id="marshaller" context-path="org.springframework.integration.samples.rest.domain" />
<bean id="jaxbJacksonObjectMapper" class="org.springframework.integration.samples.rest.json.JaxbJacksonObjectMapper"/>
@Service("testService")
public class TestService {
public Message<String> createOrder(Message<String> orderRequest) {
System.out.println("Inside!!!!!!!!!!");
return MessageBuilder.withPayload("Some Response!").build();
}
}
测试服务方法为:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/integration http://www.springframework.org/schema/integration/spring-integration.xsd
http://www.springframework.org/schema/integration/http http://www.springframework.org/schema/integration/http/spring-integration-http.xsd
http://www.springframework.org/schema/oxm http://www.springframework.org/schema/oxm/spring-oxm.xsd"
xmlns:int="http://www.springframework.org/schema/integration"
xmlns:oxm="http://www.springframework.org/schema/oxm"
xmlns:int-http="http://www.springframework.org/schema/integration/http">
<int:annotation-config/>
<bean class="org.springframework.web.servlet.view.ContentNegotiatingViewResolver">
<property name="order" value="1" />
<property name="contentNegotiationManager">
<bean class="org.springframework.web.accept.ContentNegotiationManagerFactoryBean">
<property name="defaultContentType" value="application/json"/>
<property name="favorParameter" value="true"/>
<property name="ignoreAcceptHeader" value="true" />
<property name="mediaTypes">
<map>
<entry key="json" value="application/json" />
<entry key="xml" value="application/xml" />
</map>
</property>
</bean>
</property>
<property name="defaultViews">
<list>
<bean
class="org.springframework.integration.samples.rest.json.view.ExtendedMappingJacksonJsonView" >
<property name="objectMapper" ref="jaxbJacksonObjectMapper"/>
</bean>
<bean class="org.springframework.web.servlet.view.xml.MarshallingView">
<constructor-arg ref="marshaller"/>
</bean>
</list>
</property>
</bean>
<int:channel id="orderRequestChannel" />
<int:channel id="orderResponseChannel" />
<int-http:inbound-gateway id="inboundOrderRequestGateway"
supported-methods="POST"
request-channel="orderRequestChannel"
reply-channel="orderResponseChannel"
view-name="/order"
path="/order/view"
request-payload-type="java.lang.String"
reply-timeout="50000">
</int-http:inbound-gateway>
<int:service-activator id="orderGatewayActivator"
input-channel="orderRequestChannel"
output-channel="orderResponseChannel"
ref="testService"
method="createOrder"
requires-reply="true"
send-timeout="60000" />
<oxm:jaxb2-marshaller id="marshaller" context-path="org.springframework.integration.samples.rest.domain" />
<bean id="jaxbJacksonObjectMapper" class="org.springframework.integration.samples.rest.json.JaxbJacksonObjectMapper"/>
@Service("testService")
public class TestService {
public Message<String> createOrder(Message<String> orderRequest) {
System.out.println("Inside!!!!!!!!!!");
return MessageBuilder.withPayload("Some Response!").build();
}
}
@Service(“testService”)
公共类测试服务{
公共消息createOrder(消息orderRequest){
System.out.println(“内部!!!!!!!!!!!”;
返回MessageBuilder.withPayload(“一些响应!”).build();
}
}
Spring安全文件:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<security:global-method-security
secured-annotations="enabled" />
<!-- Configure Spring Security -->
<security:http auto-config="true" use-expressions="true" realm="REST HTTP Web Service" create-session="never">
<security:http-basic />
<security:intercept-url pattern='/services/employee/*' access="hasRole('ROLE_REST_HTTP_USER')" />
<security:intercept-url pattern='/order/*' access="permitAll" />
<security:csrf disabled="true" />
</security:http>
<!-- In this example, we are using in memory authentication. The password encoder depends on
Jasypt's String Digester to digest the password stored in users.properties -->
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider>
<security:password-encoder ref="passwordEncoder"/>
<security:user-service properties="classpath:users.properties" />
</security:authentication-provider>
</security:authentication-manager>
<!--
Use the StringDigester to create uni-directional password encryption.
All uni-directional encryption methods supported in jasypt is integrated into
Spring Security
-->
<bean id="jasyptStringDigester" class="org.jasypt.digest.StandardStringDigester" >
<property name="algorithm" value="SHA-1" />
<property name="iterations" value="100000" />
<property name="saltGenerator">
<bean id="zeroSaltGenerator" class="org.jasypt.salt.ZeroSaltGenerator"/>
</property>
<property name="saltSizeBytes" value="10"/>
</bean>
<!--
This Spring Security-friendly PasswordEncoder implementation will
wrap the StringDigester instance so that it can be used from
the security framework.
-->
<bean id="passwordEncoder" class="org.jasypt.spring.security3.PasswordEncoder">
<property name="stringDigester" ref="jasyptStringDigester"/>
</bean>
@Test
public void testPOST() throws Exception{
final String fullUrl = "http://localhost:9080/rest-http/order/view";
HttpHeaders headers = new HttpHeaders();
HttpEntity<Object> request = new HttpEntity<Object>(headers);
ResponseEntity<?> httpResponse = restTemplate.exchange(fullUrl, HttpMethod.POST, request, String.class, "Request");
//restTemplate.getMessageConverters().add(jsonHttpMessageConverter);
if (!httpResponse.getStatusCode().equals(HttpStatus.OK)){
logger.error("Problems with the request. Http status: " + httpResponse.getStatusCode());
}
}
最后我的测试方法:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<security:global-method-security
secured-annotations="enabled" />
<!-- Configure Spring Security -->
<security:http auto-config="true" use-expressions="true" realm="REST HTTP Web Service" create-session="never">
<security:http-basic />
<security:intercept-url pattern='/services/employee/*' access="hasRole('ROLE_REST_HTTP_USER')" />
<security:intercept-url pattern='/order/*' access="permitAll" />
<security:csrf disabled="true" />
</security:http>
<!-- In this example, we are using in memory authentication. The password encoder depends on
Jasypt's String Digester to digest the password stored in users.properties -->
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider>
<security:password-encoder ref="passwordEncoder"/>
<security:user-service properties="classpath:users.properties" />
</security:authentication-provider>
</security:authentication-manager>
<!--
Use the StringDigester to create uni-directional password encryption.
All uni-directional encryption methods supported in jasypt is integrated into
Spring Security
-->
<bean id="jasyptStringDigester" class="org.jasypt.digest.StandardStringDigester" >
<property name="algorithm" value="SHA-1" />
<property name="iterations" value="100000" />
<property name="saltGenerator">
<bean id="zeroSaltGenerator" class="org.jasypt.salt.ZeroSaltGenerator"/>
</property>
<property name="saltSizeBytes" value="10"/>
</bean>
<!--
This Spring Security-friendly PasswordEncoder implementation will
wrap the StringDigester instance so that it can be used from
the security framework.
-->
<bean id="passwordEncoder" class="org.jasypt.spring.security3.PasswordEncoder">
<property name="stringDigester" ref="jasyptStringDigester"/>
</bean>
@Test
public void testPOST() throws Exception{
final String fullUrl = "http://localhost:9080/rest-http/order/view";
HttpHeaders headers = new HttpHeaders();
HttpEntity<Object> request = new HttpEntity<Object>(headers);
ResponseEntity<?> httpResponse = restTemplate.exchange(fullUrl, HttpMethod.POST, request, String.class, "Request");
//restTemplate.getMessageConverters().add(jsonHttpMessageConverter);
if (!httpResponse.getStatusCode().equals(HttpStatus.OK)){
logger.error("Problems with the request. Http status: " + httpResponse.getStatusCode());
}
}
@测试
public void testPOST()引发异常{
最终字符串fullUrl=”http://localhost:9080/rest-http/order/view”;
HttpHeaders=新的HttpHeaders();
HttpEntity请求=新的HttpEntity(标头);
ResponseEntity httpResponse=restTemplate.exchange(fullUrl,HttpMethod.POST,request,String.class,“request”);
//restemplate.getMessageConverters().add(jsonHttpMessageConverter);
如果(!httpResponse.getStatusCode().equals(HttpStatus.OK)){
错误(“请求的问题。Http状态:+httpResponse.getStatusCode());
}
}
请帮帮我,伙计们!!提前感谢。如果您使用的是Spring的安全性,则默认情况下会启用,
X-Csrf-Token
您必须通过在Spring安全XML文件中添加以下内容来禁用此功能。阅读有关Spring的CSRF保护的更多信息,下面的代码将在$16.4.2配置CSRF保护一节中讨论
<http>
<!-- ... -->
<csrf disabled="true"/>
</http>
当你点击帖子时,你必须从服务器端共享org.springframework
类别的调试日志,并得到403禁止
。我太傻了,太累了,我只写了你在帖子中写的,也就是说,我没有禁用csrf。一旦我把它变成现实,它就成功了。谢谢你的帮助,兄弟!没问题,兄弟,这是常有的事。。我还通过答案进行了更新,以避免任何混淆。。