2
我想實現一個請求方法,但我想不出如何發送X-XSRF-TOKEN到我的web服務。restTemplate錯誤403
在Web服務,該令牌被配置爲X-XSRF-TOKEN
<beans:bean id="csrfTokenRepository"
class="org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository">
<beans:property name="headerName" value="X-XSRF-TOKEN" />
</beans:bean>
我有它在我的Android應用
public class WSConfig {
private static String urlBase = "http://192.168.25.226:8080/webapi/";
private static HttpHeaders httpHeaders;
private static RestTemplate restTemplate = new RestTemplate();
private static HttpEntity<String> httpEntity = new HttpEntity(getXSRF());
private static ResponseEntity<String> response;
public static HttpHeaders getXSRF() {
try {
HttpEntity<String> responseEntity = restTemplate.exchange(urlBase, HttpMethod.GET, null, String.class);
CookieManager cookieManager = new CookieManager();
List<String> cookieHeader = responseEntity.getHeaders().get("Set-Cookie");
httpHeaders = new HttpHeaders();
httpHeaders.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));
if (cookieHeader != null) {
for (String cookie : cookieHeader) {
String[] tokens = TextUtils.split(cookie, "=");
if (tokens[0].equals("XSRF-TOKEN")) {
String[] tokenValue = TextUtils.split(tokens[1],";");
httpHeaders.add("X-XSRF-TOKEN", tokenValue[0]);
}
if (tokens[0].equals("JSESSIONID")) {
String[] tokenValue = TextUtils.split(tokens[1],";");
httpHeaders.add("Cookie", "JSSESSIONID="+tokenValue[0]);
}
}
}
} finally {
return httpHeaders;
}
}
public static HttpEntity<String> makeRequest(String uri, HttpMethod method) {
try {
restTemplate.setErrorHandler(new DefaultResponseErrorHandler(){
protected boolean hasError(HttpStatus statusCode) {
return false;
}});
System.out.println(httpEntity.getHeaders());
response = restTemplate.exchange(urlBase + "registrar", HttpMethod.POST, null, String.class);
System.out.println(response.getHeaders());
System.out.println(response.getBody());
} catch (HttpStatusCodeException e) {
e.printStackTrace();
}
return null;
}
}
在我的logcat,我從這些結果System.outs
System.out.println(httpEntity.getHeaders());
{Accept=[application/json], Cookie=[JSSESSIONID=D0D537D4C38D2D69B01BF4F98B540763], X-XSRF-TOKEN=[8c21c671-bba4-4624-ada1-ff1e9e8f2e22]}
System.out.println(response.getHeaders());
{Server=[Apache-Coyote/1.1], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-XSS-Protection=[1; mode=block], X-Frame-Options=[DENY], X-Content-Type-Options=[nosniff], Set-Cookie=[JSESSIONID=7DBA84F6218BC9A8328A97587FC6293A; Path=/webapi/; HttpOnly], Content-Type=[text/html;charset=utf-8], Content-Language=[en], Content-Length=[1073], Date=[Thu, 20 Aug 2015 00:53:46 GMT], X-Android-Sent-Millis=[1440032027763], X-Android-Received-Millis=[1440032027805], X-Android-Response-Source=[NETWORK 403]}
而且,錯誤
System.out.println(response.getBody());
HTTP Status 403 - Expected CSRF token not found. Has your session expired?
我無法確定我必須做什麼,我正確地發送了標題,但無法發佈帖子。
修訂
我認爲這個錯誤有JSESSIONID的關係,而不是XSRF-TOKEN,我的第一個GET(獲取XSRF)會議是越來越過期後好歹。
看起來你有一些錯字。你寫'JSSESSIONID'而不是'JSESSIONID' - 注意雙s。 – Jireugi