java - 我正在使用 xml 配置使用 angularjs 实现 spring security,但出现与 CSRF token 相关的错误

标签 java xml angularjs spring

      // login uses index.jsp with a form tag; the rest of the behaviour uses angular mvc
      //  route.js 

        // Application module; its dependencies are ngResource and ngRoute.
        var leavemanagement = angular.module('leavemanagement', [
            'ngResource',
            'ngRoute'
        ]);

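        // Config block: names the CSRF header/cookie used by $http and registers
        // the two admin routes. Array annotation keeps dependency injection working
        // if this file is ever minified.
        leavemanagement.config([ '$routeProvider', '$httpProvider',
                function($routeProvider, $httpProvider) {
                    // For same-origin requests $http copies the value of the cookie
                    // named xsrfCookieName into the header named xsrfHeaderName.
                    // If that cookie is absent, or is HttpOnly and therefore not
                    // readable from script, no header is sent at all.
                    // NOTE(review): the security.xml shown with this code uses
                    // <security:csrf /> with a session-held token and writes no
                    // 'CSRF-TOKEN' cookie, so state-changing requests arrive without
                    // a token and are answered with 403. The server has to expose the
                    // token to the page (a script-readable cookie with this name, or
                    // values rendered into the host page) for these two settings to
                    // have any effect. Keep CSRF protection enabled; fix the delivery.
                    $httpProvider.defaults.xsrfHeaderName = 'X-CSRF-TOKEN';
                    $httpProvider.defaults.xsrfCookieName = 'CSRF-TOKEN';

                    var leavePolicyDetailsRoute = {
                        templateUrl : "./resources/leave-management-angular-src/partials/leave_policy_details.html",
                        controller : 'admincontroller'
                    };
                    var setLeavePolicyRoute = {
                        templateUrl : "./resources/leave-management-angular-src/partials/leave_policy.html",
                        controller : 'admincontroller'
                    };

                    // Route paths are matched against $location.path(), which always
                    // begins with '/'; the original 'leavePolicyDetails' (no leading
                    // slash) could never match.
                    $routeProvider
                            .when('/leavePolicyDetails', leavePolicyDetailsRoute)
                            .when('/setLeavePolicy', setLeavePolicyRoute);
                } ]);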

        // Run block: currently does nothing. $location and adminService are
        // injected by name but unused while the code below stays disabled.
        leavemanagement.run([ '$location', 'adminService',
                function($location, adminService) {
                    // adminService.home()

                    /*
                     * Disabled snippet kept from the original listing:
                     *
                     * if (angular.equals($location.absUrl(),
                     * "http://localhost:8080/leavemanagement/successLogin")) {
                     * $location.path("/something"); adminService.login({ "username" : "usman",
                     * "password" : "passwprd" }); }
                     *
                     * NOTE(review): the snippet carries a literal username/password pair.
                     * Script files are delivered to every browser, comments included, so
                     * credentials should not appear here even in disabled code.
                     */
                } ]);


     //   security.xml configuration using spring 4.0.1 please take a look

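        <?xml version="1.0" encoding="UTF-8"?>
        <!-- Root application context: component scanning, the Spring Security filter
             chain (URL rules, form login, session control, logout, CSRF) and a
             JDBC-backed authentication manager. -->
        <beans xmlns="http://www.springframework.org/schema/beans"
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
            xmlns:security="http://www.springframework.org/schema/security"
            xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
            http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
            http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">

            <!-- Root Context: defines shared resources visible to all other web components -->
            <context:property-placeholder location="classpath:*.properties" />
            <context:annotation-config />
            <context:component-scan base-package="com.agami.leavemanagement.*" />
            <import resource="./appServlet/servlet-context.xml" />

            <!-- CSRF token store, referenced from <security:csrf> below. In the original
                 listing this bean was declared but never referenced, and its headerName
                 (X-XSRF-TOKEN) differed from the header the AngularJS client is configured
                 to send (xsrfHeaderName = 'X-CSRF-TOKEN' in route.js); both are aligned here.
                 The token lives in the HTTP session and this repository writes no cookie,
                 so the browser-side client only learns the token if the server also
                 exposes it: a script-readable cookie named as the client's xsrfCookieName,
                 or values rendered into the host page. Without that, XHR POSTs get 403. -->
            <bean id="csrfTokenRepository"
                class="org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository">
                <property name="headerName" value="X-CSRF-TOKEN" />
            </bean>

            <!-- Project class used as the form-login success handler. -->
            <bean id="authenticationHandller"
                class="com.agami.leavemanagement.service.AuthenticationHandller">
            </bean>

            <security:http auto-config="true" use-expressions="true"
                authentication-manager-ref="autManager">
                <!-- NOTE(review): only these three patterns carry an access rule. Any other
                     URL (for example the storeLeaveType endpoint named in the question)
                     matches none of them, so this chain applies no role check to it.
                     Confirm that is intended, or add a catch-all rule after these. -->
                <security:intercept-url pattern="/" access="permitAll" />
                <security:intercept-url pattern="/successLogin"
                    access="hasAnyRole('ROLE_USER','ROLE_ADMIN','ROLE_PROMANAGER')" />
                <security:intercept-url pattern="/user"
                    access="hasRole('ROLE_USER')" />

                <!-- The login form must post fields named "username" and "password"
                     to /login. -->
                <security:form-login login-page="/"
                    login-processing-url="/login" username-parameter="username"
                    password-parameter="password" authentication-failure-url="/index?error=true"
                    authentication-success-handler-ref="authenticationHandller" />

                <!-- One session per user; a second login is rejected instead of expiring
                     the first. NOTE(review): this normally relies on an
                     HttpSessionEventPublisher listener in web.xml, which is not shown. -->
                <security:session-management>
                    <security:concurrency-control
                        max-sessions="1" error-if-maximum-exceeded="true" />
                </security:session-management>
                <security:logout invalidate-session="true"
                    logout-success-url="/" delete-cookies="JSESSIONID" logout-url="/logout" />
                <security:access-denied-handler
                    error-page="/error" />

                <!-- CSRF protection stays enabled and uses the repository declared above.
                     A missing or wrong token is handled as access denied (403). -->
                <security:csrf token-repository-ref="csrfTokenRepository" />

            </security:http>

            <!-- NOTE(review): no <security:password-encoder> is declared for this provider,
                 so the password column is presumably compared as stored. Confirm how
                 passwords are hashed in the users table before relying on this. -->
            <security:authentication-manager id="autManager">
                <security:authentication-provider>
                    <security:jdbc-user-service
                        data-source-ref="dataSource"
                        users-by-username-query="select 
                        username,password,enabled from users where username=?"
                        authorities-by-username-query="select 
                        username,authority from Authorities where username=?" />
                </security:authentication-provider>
            </security:authentication-manager>

        </beans>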

       // login.jsp using 'form' tag  and with csrf token 


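        <%@ page language="java" contentType="text/html; charset=UTF-8"
            pageEncoding="UTF-8"%>
        <%@taglib uri="http://www.springframework.org/tags/form" prefix="form"%>
        <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
        <%-- Login page. Posts the "username" and "password" fields plus the CSRF token
             to /login, matching username-parameter / password-parameter in the security
             configuration. The model attribute "user" must be supplied by the controller
             that renders this page. --%>
        <!doctype html>
        <html lang="en">
        <head>
        <meta charset="utf-8">
        <title>Leave Management</title>
        <meta http-equiv="Pragma" content="no-cache"> 
        <meta http-equiv="Cache-Control" content="no-cache"> 
        <meta http-equiv="Expires" content="Sat, 01 Dec 2001 00:00:00 GMT">
        </head>
        <body>

            <div class="row vertical-offset-100 login-space">
                <div
                    class="col-lg-4 col-sm-8 col-xs-8 col-md-offset-2 col-lg-offset-4 col-sm-offset-2 col-xs-offset-2">
                    <div class="panel panel-default login-panel">
                        <div class="panel-heading login-panel-heading">
                            <div class="row-fluid user-row">
                                <%-- Shown after a failed login (authentication-failure-url adds
                                     ?error=true). The text is fixed; the parameter value itself is
                                     never written into the page. --%>
                                <c:if test="${not empty param.error}">
                                    <h1 class="login_txt" style="color: red">Bad Credentials</h1>
                                </c:if>

                                <h1 class="login_txt">Login Form</h1>
                            </div>
                        </div>
                        <div class="panel-body">
                            <c:url var="loginUrl" value="/login"></c:url>
                            <form:form method="POST" action="${loginUrl}" commandName="user"
                                role="form" class="form-signin">
                                <fieldset>
                                    <label class="panel-login">
                                        <div class="login_result"></div>
                                    </label>
                                    <%-- The field names come from "path" (username / password).
                                         The extra name='j_username' / name='j_password' attributes
                                         of the original were dropped: they disagreed with the
                                         parameter names the security configuration expects.
                                         aria-label gives each field an accessible name, since a
                                         placeholder alone is not a label. --%>
                                    <form:input path="username"
                                        class="form-control transparent-input" placeholder="Username"
                                        id="username" autocomplete="username"
                                        aria-label="Username" />
                                    <form:password path="password"
                                        class="form-control transparent-input" placeholder="Password"
                                        id="password" autocomplete="current-password"
                                        aria-label="Password" />

                                    <%-- CSRF token for this form post only. Requests made from
                                         AngularJS do not pass through this field and must carry
                                         the token in the request header instead.
                                         NOTE(review): form:form may already add this hidden field
                                         when Spring Security's CSRF support is active; confirm and
                                         keep only one. --%>
                                    <input type="hidden" name="${_csrf.parameterName}"
                                        value="${_csrf.token}" />

                                    <p class="keeplogin">
                                        <a id="pwd" href="forgotPwd"
                                            title="if you are a normal user or project Manager contact to admin"><label
                                            class="forget_pwd" for="loginkeeping">Forget Password</label></a> <input
                                            class="btn btn-lg btn-success btn-block login-btn"
                                            type="submit" id="login" value="Login">
                                    </p>
                                </fieldset>
                            </form:form>
                        </div>
                    </div>
                </div>
            </div>
        </body>
        </html>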

“网络错误:403 禁止 - http://localhost:8080/leavemanagement/storeLeaveType”。我认为出现此错误是因为我无法在 Angular 端设置 CSRF token。我用谷歌搜索了很多,但没有找到答案,希望能在这里得到解答,谢谢。

最佳答案

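我认为您需要在 JSP 中引入 Spring MVC 安全标签(即 Spring Security 的 JSP 标签库,例如 `<sec:csrfMetaTags />`),把 CSRF token 输出到页面上,这样后续的请求才能带上该 token。原因在于:登录表单里的隐藏字段只对这一次表单提交有效;而 Angular 的 $http 只有在能读到名为 xsrfCookieName 的 cookie 时才会自动添加请求头,问题中的配置把 token 保存在 HttpSession 里,并不会写出这个 cookie,所以 Angular 发出的 POST 请求没有携带 token,服务器返回 403。我有使用 Angular 和 Spring MVC 的经验,如果问题仍然存在,我可以贴一些示例代码。这个帖子已经发布一个多月了,所以我不确定您是否仍然遇到这个问题。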

关于java - 我正在使用 xml 配置使用 angularjs 实现 spring security,但出现与 CSRF token 相关的错误,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/30457545/
