Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

spring security showing 403 error while logging in using AJAX

Tags:

java

ajax

http-status-code-403

spring

spring-security

I know there are many questions already available, related to this error but I have tried almost everything, nothing fixed my issue.

when I sumbmitting my form in browser console, I am seeing 

Failed to load resource: the server responded with a status of 403 (Forbidden)

My project is in Spring 4.0.3, spring security 4.0.1, java 8 and running on wildfly 8.x server

my ajax call is 

 $.ajax({
           url: "j_spring_security_check",    
           data: $('#loginForm').serialize(), 
           type: "POST",
           beforeSend: function (xhr) {
              xhr.setRequestHeader("X-Ajax-call", "true");
           },
           success: function(result) {       
                if (result == "not-ok") {
                  $('.error').show();
                  $('.login-error').html(CREDENTIAL_CHECK) ;
                  return false;
                } else {
                    $('.error').hide();
                    document.location = result;
                }
           },
            error: function(XMLHttpRequest, textStatus, errorThrown){
                $('.error').show();
                $('.login-error').html(NETWORK_CHECK) ;
                return false; 
            }
        });

my security configuration:

<security:form-login    login-page="/home" 
                        default-target-url="/home"
                        authentication-failure-handler-ref="myAuthenticationFailureHandler" 
                        authentication-success-handler-ref="myAuthenticationSuccessHandler"
/>
<security:logout logout-success-url="/logout" 
                 invalidate-session="true" 
                 delete-cookies="SPRING_SECURITY_REMEMBER_ME_COOKIE" 
/>

I tried to set

<security:headers disabled="true" />

<security:csrf disabled="true" />

It is not working.in Server console also, I am not seeing any error.

What else can I do to fix this error? already I have wasted 2 days in this issue

like image 742
user3035305 Avatar asked May 21 '26 02:05

user3035305

1 Answers

that problem create CSFR Protection because in Spring Security 4.x is enabled default and all GET and POST request have token, when you dont create this token server show you 403 error. You can easily disable this security here you have xml conf http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-xml.html and java conf http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html

like image 68
Marcel F. Avatar answered May 22 '26 14:05

Marcel F.

Sign in to Comment

Related questions

Java Array Sorting based on multiple parameters
Play Framework 2.3.x scala - Application shutdown without exception
How to convert array of String in hex to array of int using Java? [closed]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!