DEVHIDE
Login Or Sign up

Spring in Kotlin: Spring Security gives me forbidden message despite i'm logged in

62 Views Asked by At

I have my spring server working already. I added the spring-security dependency to the gradle. logged in with the provided password, I can access all the pages with their links directly, and move from one page to another, except one page that I get a forbidden message (403) when I submit the details in it. The page provide an image with checkboxes for the logged in user to design his/her taco and submit it to the orders page.

this part stopped working for no reason and started to give me the 403 message. what is the issue with it? the dependency i used: implementation("org.springframework.boot:spring-boot-starter-security") the controller works fine until it reaches the @PostMapping code:


@Controller
@RequestMapping("/design")
@SessionAttributes("tacoOrder")
class DesignTacoController(
    @Autowired private val ingredientsRepository: IngredientsRepository
) {

    @ModelAttribute
    fun addIngredientsToModel(model: Model) {
        val ingredients = ingredientsRepository.findAll()
        val types: Array<Type> = Type.values()
        for (type in types) {
            model.addAttribute(
                type.toString().lowercase(), //Name to be used in View
                filterByType(ingredients.toList(), type)
            ) //Value
        }
    }

    @ModelAttribute(name = "tacoOrder")
    fun order(): TacoOrder {
        return TacoOrder()
    }

    @ModelAttribute(name = "taco")
    fun taco(): Taco {
        return Taco()
    }

    @GetMapping
    fun showDesignForm(): String = "design"

    private fun filterByType(ingredients: List<Ingredients>, type: Type): Iterable<Ingredients> {
        return ingredients
            .stream()
            .filter { it.type == type }
            .collect(Collectors.toList())
    }

    @PostMapping
    fun processTaco(
        taco: Taco,
        bindingResult: BindingResult,
        @ModelAttribute tacoOrder: TacoOrder,
    ): String {
        checkTaco(taco, bindingResult)
        if (bindingResult.hasErrors()) return "design"
        tacoOrder.addTaco(taco)
        println("Processing Taco:$taco")
        return "redirect:/orders/current"
    }

    private fun checkTaco(taco: Taco, bindingResult: BindingResult) {
        if (taco.name.length < 5) bindingResult.addError(FieldError("name", "name", "Name Should be longer than 5 Characters."))
        if (taco.ingredient.isEmpty()) bindingResult.addError(FieldError("taco", "ingredient", "You should have at least one ingredient."))
    }
}
spring spring-security spring-kotlin
Original Q&A
1

There are 1 best solutions below

0
On BEST ANSWER

Spring Security enables CSRF protection by default, that caused the 403 response on the POST request.

you can either disable the CSRF from the configuration or add the csrf to the POST Request.

like for my situation i only needed to add one field to the form th:action="@{/design}"

this is it...

Related Questions in SPRING

Related Questions in SPRING-SECURITY

Related Questions in SPRING-KOTLIN

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.