Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
P
P
parkito2016-09-29 13:43:31
Java
parkito, 2016-09-29 13:43:31

Why doesn't spring security let some requests through?

Hello. Help, please, to solve a problem.
Set up Spring security

<http realm="JavaStudy example" use-expressions="false"
          authentication-manager-ref="dao-auth"
          access-decision-manager-ref="accessDecisionManager">
        <intercept-url pattern="/admin**" access="Manager"/>
        <intercept-url pattern="/user**" access="userAvailable"/>
        <!--<intercept-url pattern="/admin/admin**" access="Manager"/>-->
        <!--<intercept-url pattern="/user/user**" access="userAvailable"/>-->
        <form-login login-page="/login" authentication-failure-url="/login-denied"
                    username-parameter="username" password-parameter="password"
                    default-target-url="/main"/>
        <logout invalidate-session="true" logout-success-url="/"
                logout-url="/"/>
        <access-denied-handler error-page="/denied"/>
        <session-management invalid-session-url="/">
            <concurrency-control max-sessions="1"
                                 expired-url="/login"/>
        </session-management>
        <!--remember me-->
        <remember-me token-validity-seconds="1209600"
                     remember-me-parameter="remember-me"
                     user-service-ref="userDetailsService"/>
    </http>

There are two servlets
@RequestMapping(value = "/userNumberOperations", method = RequestMethod.GET)
    public String userNumberOperations(HttpServletRequest request, Locale locale, Model model) {
        User user = (User) request.getSession().getAttribute("currentUser");
        model.addAttribute("contracts", contractService.getAllContractsForUser(user.getUserId()));
        return "user/userNumberOperations";
    }

And exactly the same, but with a different request method
@RequestMapping(value = "/userNumberOperations", method = RequestMethod.POST)
    public String userNumberOperations(HttpServletRequest request, Locale locale, Model model) {
        User user = (User) request.getSession().getAttribute("currentUser");
        model.addAttribute("contracts", contractService.getAllContractsForUser(user.getUserId()));
        return "user/userNumberOperations";
    }

Spring starts up on the first servlet. But when from the page via ajax
var xhr = new XMLHttpRequest();
                                xhr.open("POST", "userNumberOperations, false);
                                xhr.send();

I try to call the second one, security rejects the request and sends me to the /denied page.
Why does he do it?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
A
aol-nnov, 2016-09-29
@aol-nnov

and cookies in XMLHttpRequest or other login-passwords will Pushkin invest?

Similar questions
P
pitimirov_a2015-07-05 21:33:07
Is it possible to exchange Android(JAVA) files with Website(PHP)? 2Reply
A
Arthur2019-11-17 03:55:20
Why does the bookmark icon still show as "Bookmark" after reloading the page? 3Reply
P
pomaz_andrew2017-09-20 15:52:55
How to identify packages not included in package.json? 3Reply
A
Andrey2015-06-18 18:36:47
Convert datetime given TimeZone from string? 1Reply
A
a1exkos2015-06-19 18:15:14
Where is the best place to look for a mid/high level java developer for a remote schedule? 4Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question