angularspring-securitycross-domainspring-restcontroller
Why always redirected to the access denied page?
application POST submit doesn't enter to the spring REST controller. Instead of that request redirected to the access denied page according to "secure config" file mentioned.
system allowed to the all request from any external parties via spring security configuration.
but always request redirected to the access Denied Page
.exceptionHandling().accessDeniedPage("/accessDenied");
angular2 service
..........
.....
addHotel(hotelDTO){
let headers = new Headers({ 'Content-Type': 'application/json' });
let options = new RequestOptions({ headers: headers });
this._route_url = this._url+"/restHotelRegistration"
var result = this._http.post(this._route_url, JSON.stringify(hotelDTO),options)
.map(res => res.json());
return result;
}
......
...
REST Controller
@RequestMapping(value = "restHotelRegistration", method = RequestMethod.POST,produces = MediaType.APPLICATION_JSON_VALUE)
public ResponseEntity<Void> restSaveHotel(@RequestBody HotelDTO hotelDTO) {
System.out.println(">>>>> Fetching User with HotelName " + hotelDTO.getHotelName());
System.out.println(">>>>> Fetching User with Phone " + hotelDTO.getPhone());
.......
........
}
Security Config Class
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/**").permitAll()
.and()
.formLogin()
.loginPage("/loginPage")
.usernameParameter("username").passwordParameter("password")
.successForwardUrl("/successLogin")
.defaultSuccessUrl("/successLogin",true).permitAll()
.loginProcessingUrl("/successLogin")
.failureUrl("/invalidLogin")
.and().csrf()
.ignoringAntMatchers("/login", "/logout")
.and().exceptionHandling().accessDeniedPage("/accessDenied")
.and()
.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/logout").permitAll();
}
==== Request and Response ====
======================================================================
JSON object
Solution
After disable the csrf filter its works.