I made some api with REST Spring. GET request works fine in Postman but when I try to do POST request I receive this error :
{
"timestamp": "2018-09-25T06:39:27.226+0000",
"status": 403,
"error": "Forbidden",
"message": "Forbidden",
"path": "/cidashboard/projects"
}
This is my controller :
@RestController
@RequestMapping(ProjectController.PROJECT_URL)
public class ProjectController {
public static final String PROJECT_URL = "/cidashboard/projects";
private final ProjectService projectService;
public ProjectController(ProjectService projectService) {
this.projectService = projectService;
}
@GetMapping
List<Project> getAllProjects(){
return projectService.findAllProjects();
}
@GetMapping("/{id}")
Project getProjectById(@PathVariable int id) {
return projectService.findProjectById(id);
}
@PostMapping
void addProject(@RequestBody Project newProject) {
projectService.saveProject(newProject);
}
}
Security configuration
initial I wanted to work with ldap, but in my application properties i left only the conection at database………………………………………………………………………………………………………………………………….
@EnableGlobalMethodSecurity
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/css/**").permitAll();
// .anyRequest().fullyAuthenticated();
// .and()
// .formLogin().loginPage("/login").permitAll()
// .failureUrl("/login-error");
}
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.ldapAuthentication()
.userDnPatterns("uid={0},ou=people")
.groupSearchBase("ou=groups")
.contextSource(contextSource())
.passwordCompare()
//.passwordEncoder(new LdapShaPasswordEncoder())
.passwordAttribute("userPassword");
}
@Override
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
.antMatchers("/resources/static/**"); // #3
}
@Bean
public DefaultSpringSecurityContextSource contextSource() {
return new DefaultSpringSecurityContextSource(Arrays.asList("ldap://localhost:8389/"), "dc=springframework,dc=org");
}
}
Loading
Собственно, проблема следующая:
Postman отрабатывает отлично и возвращает ожидаемый результат
А python на аналогичный запрос выдает 403 код. Хотя вроде как заголовки одинаковые. Что ему, собаке, не хватает?
import requests
from pprint import pprint
url = 'http://ovga.mos.ru:8080/_ajax/pass/list?search={%22grz%22:%22К239ММ159%22}&sort=validitydate&order=desc'
headers = {"X-Requested-With": "XMLHttpRequest",
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) '
'Chrome/54.0.2840.99 Safari/537.36',
}
response = requests.get(url, headers)
pprint(response)
<Response [403]>-
Вопрос заданболее двух лет назад
-
2535 просмотров
Ты не все заголовки передал. Postman по-умолчанию генерирует некоторые заголовки самостоятельно, вот так подключается нормально:
headers = {
'Host': 'ovga.mos.ru',
'User-Agent': 'Magic User-Agent v999.26 Windows PRO 11',
'Accept': '*/*',
'Accept-Encoding': 'gzip, deflate, br',
'Connection': 'keep-alive',
'X-Requested-With': 'XMLHttpRequest'
}
url = 'http://ovga.mos.ru:8080/_ajax/pass/list?search={"grz":"К239ММ159"}&sort=validitydate&order=desc'
response = requests.get(url, headers=headers)<Response [200]>
Пригласить эксперта
-
Показать ещё
Загружается…
03 июн. 2023, в 19:30
500 руб./за проект
03 июн. 2023, в 19:30
750 руб./в час
03 июн. 2023, в 19:06
2000 руб./за проект
Минуточку внимания
Thanks for building this useful tool.
Found today that Post/Put/Delete doesn’t work — it returns 403 forbidden.
This problem happens in multiple setup — mine, and 3 other coworkers.
- Postman doesn’t send out request at all. I add breakpoint in server side.
I followed http://blog.getpostman.com/2015/06/13/debugging-postman-requests/, it failed at xhr.send.
Please fix this as this will make postman totally not woking.
This is stack trace from postman:
background_page.js:447 POST …… 403 (Forbidden)
sendXhrRequest @ background_page.js:447
addToQueue @ background_page.js:536
onExternalMessage @ background_page.js:554
target.(anonymous function) @ extensions::SafeBuiltins:19
EventImpl.dispatchToListener @ extensions::event_bindings:388
target.(anonymous function) @ extensions::SafeBuiltins:19
publicClassPrototype.(anonymous function) @ extensions::utils:151
EventImpl.dispatch_ @ extensions::event_bindings:372
EventImpl.dispatch @ extensions::event_bindings:394
target.(anonymous function) @ extensions::SafeBuiltins:19
publicClassPrototype.(anonymous function) @ extensions::utils:151
messageListener @ extensions::messaging:207
target.(anonymous function) @ extensions::SafeBuiltins:19
EventImpl.dispatchToListener @ extensions::event_bindings:388
target.(anonymous function) @ extensions::SafeBuiltins:19
publicClassPrototype.(anonymous function) @ extensions::utils:151
EventImpl.dispatch_ @ extensions::event_bindings:372
EventImpl.dispatch @ extensions::event_bindings:394
target.(anonymous function) @ extensions::SafeBuiltins:19
publicClassPrototype.(anonymous function) @ extensions::utils:151
dispatchOnMessage @ extensions::messaging:334
I am trying to download a webpage using Postman from:
https://cookidoo.co.uk/recipes/recipe/en-GB/r252593
but I get a response from server as shown below and error 403 is quoted:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The request could not be satisfied</TITLE>
</HEAD>
<BODY>
<H1>403 ERROR</H1>
<H2>The request could not be satisfied.</H2>
<HR noshade size="1px">
Bad request.
We can't connect to the server for this app or website at this time. There might be too much traffic or a
configuration error. Try again later, or contact the app or website owner.
<BR clear="all">
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
<BR clear="all">
<HR noshade size="1px">
<PRE>
Generated by cloudfront (CloudFront)
Request ID: 4SL0NvJZt4eLt9GqQHw-RsgEJLVCpyY1n5zROPtiolExUJcup2J8Lw==
</PRE>
<ADDRESS>
</ADDRESS>
</BODY>
</HTML>
I am not very familiar with postman or web technologies so any help would be gratefully received. I can download the page successfully in Safari. Am I missing some pertinent information in postman? Is it something to do with the website being a secure https site?
asked Oct 26, 2020 at 15:17
Some headers/ cookies are missing.
To recreate a request from the browser in Postman, open the developer tools in the Browser (press F12).
Go to the Network tab, do a right click on the request you want to rebuild in Postman (in this case it’s r252593) and select Copy/ Copy as cURL (bash).
In Postman, click the Import button, then select Raw text. Paste your clipboard (it contains the cURL copied in the browser) and click Continue.
This request in Postman returns the HTML of the page, it also has the same http status code (260) as the copied request in the browser:
answered Oct 26, 2020 at 15:34
2
I deleted a body that I was passing by mistake from another collection.
answered Oct 26, 2020 at 15:40