Invalid CSRF Token 'null' - spring-boot

I referred "https://github.com/mswiderski/jbpm-examples/tree/master/spring-boot-jbpm it runs well for GET request.
Now I am trying following code
#RequestMapping(value="/test" ,method=RequestMethod.POST)
public String test(#RequestBody String emp){
System.out.println("Your request is "+emp);
return " Hi ";
}
through POSTMAN but it gives me error as,
{
"timestamp": 1511946868300,
"status": 403,
"error": "Forbidden",
"message": "Invalid CSRF Token 'null' was found on the request parameter '_csrf' or header 'X-CSRF-TOKEN'.",
"path": "/test"
}
Please anyone help me to come out of it.

I had same issue and below trick works for me.
Set http.csrf().disable() inside configure method of your DefaultWebSecurityConfig Class.
Please refer https://docs.jboss.org/jbpm/release/7.12.0.Final/jbpm-docs/html_single/ [ 3.4.1.2. Configure authentication and authorization].
Hope this solution help you.

Related

How to set message for error reponse status in Spring MVC?

I have a spring mvc handler like this:
#PostMapping("jwtToken")
fun jwtToken(#RequestBody body: JWTToken)
{
val token = body.token
if(token.isNullOrBlank())
throw ResponseStatusException(HttpStatus.UNAUTHORIZED, "Empty token")
}
If i send it an incorrect input, that triggers the exception, i get a reponse body like this:
{
"timestamp": "2020-10-30T03:41:20.305+00:00",
"status": 401,
"error": "Unauthorized",
"message": "",
"path": "/auth/jwtToken"
}
Why is the 'message' field empty in the response when i did assign a message to the exception? How do i set the message field
It might be related to the updated behaviour of the Spring Boot.
https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-2.3-Release-Notes#changes-to-the-default-error-pages-content
server.error.include-message=always
in .properties should do the trick but I prefer to use my own extended classes like this:
class CustomException(message: String): Exception(message) { ... }

Why Am I Getting Authorization Failed for Pinterest App?

I just ran the command below on my newly created app and get Authorization Failed message. I ran the Token Debugger and the access token is good. How do I fix this?
https://api.pinterest.com/v1/me/pins/?access_token=<ACCESS-TOKEN>&fields=id,creator,note&limit=1
Response:
{
"status": "failure",
"code": 3,
"data": null,
"message": "Authorization failed.",
"endpoint_name": "get_own_pins"
}
You need to include your access token with the api.pinterest.com url
https://api.pinterest.com/v1/me/pins/?
access_token=<YOUR-ACCESS-TOKEN>
&fields=id,note
&limit=1
Replace <YOUR-ACCESS-TOKEN> with your pinterest access token

How exception is serialized to json in filter?

In a method of a filter I throw two different exceptions based on different condition:
throw new InvalidRequestException("no access token in Authorization");
and
throw new InvalidTokenException("access token has expired, but there's no refresh token");
I managed to trigger two exceptions, but the responses in postman were different:
For InvalidRequestException:
{
"timestamp": "2018-10-11T13:36:55.781+0000",
"status": 401,
"error": "Unauthorized",
"message": "Unauthorized",
"path": "/api/account"
}
For InvalidTokenException:
{
"error": "invalid_token",
"error_description": "Access token expired: token details...."
}
I checked both exception extends ClientAuthenticationException, why the format of response differ?
How can I custom the exception handler for those thrown in filter?
It's probably due to how JHipster translates some known exception types for Zalando's problem library. See ExceptionTranslator.java

Can you change the 401 error response?

My question is, can you change the structure of the response of the 401 error message?
{
"error": "unauthorized",
"error_description": "No AuthenticationProvider found for org.springframework.security.authentication.UsernamePasswordAuthenticationToken"
}
for example
{
"timestamp" : 123124354,
"status" : 401,
"message" : "The username or password are not valid!"
}
This was answered a while ago: Modify default JSON error response from Spring Boot Rest Controller. Checking the reference guide I would recommend going with the #ControllerAdvice to give you the most flexibility on defining how the JSON response is returned.

JSON PARSE ERROR 200 Unexpected token

I got this error from my jquery ajax request. ERROR 200 Unexpected token
Here is my JSON :
{
"data": [
{
"answer": "sofo",
"email": "jk#gmail.com",
"secretquestion": "bestfriend"
}
],
"status": 1,
"message": "Success!"
}
I validated on JSONLint and i got Unexpected token. I cant understand my fault. Do u have any ideas?
Thank you
The JSON is valid. There may be a difference in the token name (a spelling mistake?) when you are deserializing it.

Resources