4

Good Day,

I am trying to learn Spring. I am currently doing this guide: http://spring.io/guides/gs/consuming-rest/

I have followed all instructions, however, when I try to run the application, 403 Forbidden is displayed.

I searched the net and found out that it is due to the csrf protection. And so, I proceeded to search the net how to disable csrf. Here is my Java configuration:

@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf().disable();
    }
}

My question is, how do I use this configuration? Specifically, at which part of the code should I insert it?

Here are the other 2 classes as stated in the tutorial. All of them belong to the same package (Hello).

@JsonIgnoreProperties(ignoreUnknown = true)
public class Page {
    private String name;
    private String about;
    private String phone;
    private String website;

    public String getName() {
        return name;
    }

    public String getAbout() {
        return about;
    }

    public String getPhone() {
        return phone;
    }

    public String getWebsite() {
        return website;
    }
}

public class Application {

    public static void main(String[] args) {
        RestTemplate restTemplate = new RestTemplate();
        Page page = restTemplate.getForObject("http://graph.facebook.com/pivotalsoftware", Page.class);
        System.out.println("Name:       " + page.getName());
        System.out.println("About:      " + page.getAbout());
        System.out.println("Phone:      " + page.getPhone());
        System.out.println("Website:    " + page.getWebsite());
    }

}
Improve this question
9
  • Good day :) The guide linked is for a project "consuming REST" (i.e. client side). CSRF protection is something that is set up on the server side, not the client side (or it would be a silly protection ;p). Commented Apr 26, 2015 at 8:57
  • I see. So how do you explain why I keep getting the 403 Forbidden error message? Commented Apr 26, 2015 at 12:26
  • No 403 from here: gist.github.com/Regisc/65c1290cdc8feadad3c7 Commented Apr 26, 2015 at 12:33
  • Where did you get that result? I tried graph.facebook.com/pivotalsoftware in the browser and it is successful. However, when I tried it in Spring using the tutorial, I get a 403 Forbidden error. Commented Apr 26, 2015 at 12:42
  • I used some command line tool, maybe you should post your current code Commented Apr 26, 2015 at 13:14

2 Answers 2

Reset to default
1

Add @Configuration on the WebSecurityConfig class and it will be automatically scanned when you will launch your Spring Application. You don't need to write any code.

Here is the code with @Configuration

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf().disable();
    }
}
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Sadly, putting @Configuration did not work. I tried to run the Application.java and Error 403 Forbidden is displayed. WebSecurityConfig.java is in the same package with both Application.java and Page.java
0

Make sure that your url is valid.

In my case the url was generated by code and was in different case so I got 403 forbidden error. Spend lot of time trying to fix the issue by enabling security config.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.