TransWikia.com

Recieving a object posted by HTTP.POST

Stack Overflow Asked on November 15, 2021

Hello I’m trying to make a email confirmation api for my spring app
user needs to type his/her name, notes, company/job, email. After
receiving this object I want to send a confirmation link to email.

This is the HTML code:

<form method="POST" th:object="${Signature}">
   <label>Name : </label>
   <input id="inputName" type="text" th:field="*{name}">
   <label>Note : </label>
   <input id="inputNote" type="text" th:field="*{note}">
   <br>
   <label>Company : </label>
   <input id="inputCompany" type="text" th:field="*{company}">
   <label>Contact Info : </label>
   <input id="inputContact" type="email" th:field="*{email}" placeholder="This info will not be shared">
   <button>Submit</button>
   <br>
</form>

This is Controller

@Controller
@RequestMapping("/")
public class RootController
{
   @GetMapping
   public String root(Model model)
   {
      model.addAttribute("Signature", new Signature());
      return "Public/Home";
   }
   
   @PostMapping
   public String signPosted(Signature s)
   {
      System.out.println("Post Received");
      
      return "redirect:/thanks";
   }
}

note:even though application is on root("/") users have to go to /#contact when they are posting

this is the object class

import lombok.Data;

import javax.validation.constraints.NotBlank;

@Data
public class Signature
{
   //@NotBlank(message="Name is required")
   private String name;
   
   private String note;
   
   //@NotBlank(message="Name is required")
   private String email;
   
   //@NotBlank(message="Name is required")
   private String company;
   
   public Signature(){}
   
   public Signature(String name,
                    String note,
                    String email,
                    String company)
   {
      this.name = name;
      this.note = note;
      this.email = email;
      this.company = company;
   }
}

when i click the submit button it takes you to error page and the message is

There was an unexpected error (type=Forbidden, status=403).

my security configuration is

http
    .authorizeRequests()
    .antMatchers("/admin/**")
    .authenticated()
    .antMatchers("/**")
    .permitAll()
    .anyRequest()
    .authenticated()
    .and()
    .httpBasic();
http postspringspring bootspring securitythymeleaf

One Answer

It's because you haven't disable CSRF protection (enabled for every HTTP verbs except GET) in your Spring Security configuration and at the same time you haven't sent a CSRF token in your HTML form.

Try this Spring Security configuration if you want to disable CSRF protection :

http
    .csrf().disable()
    .authorizeRequests()
    .antMatchers("/admin/**")
    .authenticated()
    .antMatchers("/**")
    .permitAll()
    .anyRequest()
    .authenticated()
    .and()
    .httpBasic();

Try this if you want to keep CSRF protection and add a CSRF token in your HTML form :

<input type="hidden" th:name="${_csrf.parameterName}" th:value="${_csrf.token}"/>

Answered by Fabien on November 15, 2021

Add your own answers!

Ask a Question

Get help from others!

Recent Questions

Recent Answers

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP