Cordova POST - 请求禁止 403.未到达 Dispatcher Servlet [英] Cordova POST - Request Forbidden 403. Not reaching Dispatcher Servlet

查看:50
本文介绍了Cordova POST - 请求禁止 403.未到达 Dispatcher Servlet的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在开发 Cordova 应用程序.

I am developing a Cordova application.

当我从在我的物理设备(不是模拟器)上运行的 Cordova 应用程序提交 $.ajax POST 请求时,我收到一个状态代码 403 forbidden.

When I submit an $.ajax POST request from the Cordova app running on my physical device (not emulator) I receive a status code 403 forbidden.

我可以从设备发出 GET 请求,没问题.我也可以使用 POST 登录(接收 302 Found Response).

I can make a GET request from the device no problem. I can also login using a POST (receiving a 302 Found Response).

来自 Chrome 的请求得到完美处理.

Requests from Chrome are handled perfectly.

我正在使用 Spring/Tomcat.我在我的 tomcat web.xml 中添加了 CORS 过滤器,并在 Cordova 的 config.xml 中添加了 allow-origins *.

I am using Spring / Tomcat. I have added CORS filter to my tomcat web.xml, and have added allow-origins * to my config.xml in Cordova.

以下是我发出 POST 请求时产生的日志摘录,首先来自 Chrome,其次来自我的设备.

Below is the log extracts produced when I make the POST request, first from Chrome, secondly from my Device.

Chrome 请求:

org.springframework.security.web.FilterChainProxy:/submit-check at position 1 of 11 of 11 in additional filter chain;触发过滤器:'WebAsyncManagerIntegrationFilter'org.springframework.security.web.FilterChainProxy:/submit-check 在附加过滤器链中的第 2 个位置,共 11 个;触发过滤器:'SecurityContextPersistenceFilter'org.springframework.security.web.context.HttpSessionSecurityContextRepository:当前不存在 HttpSessionorg.springframework.security.web.context.HttpSessionSecurityContextRepository:HttpSession 中没有可用的 SecurityContext:null.将创建一个新的.org.springframework.security.web.FilterChainProxy:/submit-check 在附加过滤器链中的第 3 个位置,共 11 个;发射过滤器:'HeaderWriterFilter'org.springframework.security.web.header.writers.HstsHeaderWriter:不注入 HSTS 标头,因为它与 requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@461e0eb8 不匹配org.springframework.security.web.FilterChainProxy:/submit-check 在附加过滤器链中的第 4 个位置,共 11 个;发射过滤器:'LogoutFilter'org.springframework.security.web.util.matcher.AntPathRequestMatcher:检查请求匹配:'/submit-check';反对'/j_spring_security_logout'org.springframework.security.web.FilterChainProxy:/submit-check 在附加过滤器链中的第 5 个位置,共 11 个;发射过滤器:'UsernamePasswordAuthenticationFilter'org.springframework.security.web.util.matcher.AntPathRequestMatcher:检查请求匹配:'/submit-check';反对'/j_spring_security_check'org.springframework.security.web.FilterChainProxy:/submit-check 在附加过滤器链的第 6 个位置,共 11 个;发射过滤器:'RequestCacheAwareFilter'org.springframework.security.web.FilterChainProxy:/submit-check 在附加过滤器链中的第 7 个位置,共 11 个;触发过滤器:'SecurityContextHolderAwareRequestFilter'org.springframework.security.web.FilterChainProxy:/submit-check 在附加过滤器链的第 8 个位置,共 11 个;发射过滤器:'AnonymousAuthenticationFilter'org.springframework.security.web.authentication.AnonymousAuthenticationFilter:使用匿名令牌填充 SecurityContextHolder:'org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc:主体:anonymousUser;凭据:[受保护];已认证:真实;详细信息:org.springframework.security.web.authentication.WebAuthenticationDetails@b364:RemoteIpAddress:0:0:0:0:0:0:0:1;会话 ID:空;授予权限:ROLE_ANONYMOUS'org.springframework.security.web.FilterChainProxy:/submit-check 在附加过滤器链中的第 9 个位置,共 11 个;触发过滤器:'SessionManagementFilter'org.springframework.security.web.session.SessionManagementFilter:请求的会话 ID 2BB345F22D731DB9A10B0BB65950502D 无效.org.springframework.security.web.FilterChainProxy:/submit-check 在附加过滤器链中的第 10 个位置;触发过滤器:'ExceptionTranslationFilter'org.springframework.security.web.FilterChainProxy:/submit-check 在附加过滤器链中的第 11 个位置;发射过滤器:'FilterSecurityInterceptor'org.springframework.security.web.util.matcher.AntPathRequestMatcher:检查请求匹配:'/submit-check';反对'/**.html'org.springframework.security.web.access.intercept.FilterSecurityInterceptor:公共对象 - 未尝试身份验证org.springframework.security.web.FilterChainProxy:/submit-check 到达附加过滤器链的末端;继续原链org.springframework.web.servlet.DispatcherServlet: DispatcherServlet 名为dispatcher"处理 [/ab/submit-check] 的 POST 请求org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping:查找路径/提交检查的处理程序方法org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping:返回处理程序方法[public org.springframework.web.servlet.ModelAndView com.gm.ab.controller.MobileNavigation.save(java.lang.String)]org.springframework.beans.factory.support.DefaultListableBeanFactory:返回单例 bean 'mobileNavigation' 的缓存实例org.springframework.web.servlet.DispatcherServlet:Null ModelAndView 返回给 DispatcherServlet,名为dispatcher":假设 HandlerAdapter 完成请求处理org.springframework.web.servlet.DispatcherServlet:请求成功完成org.springframework.security.web.access.ExceptionTranslationFilter:链正常处理org.springframework.security.web.context.HttpSessionSecurityContextRepository:SecurityContext 为空或内容是匿名的 - 上下文不会存储在 HttpSession 中.org.springframework.security.web.context.SecurityContextPersistenceFilter:SecurityContextHolder 现在已清除,因为请求处理已完成

org.springframework.security.web.FilterChainProxy: /submit-check at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter' org.springframework.security.web.FilterChainProxy: /submit-check at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' org.springframework.security.web.context.HttpSessionSecurityContextRepository: No HttpSession currently exists org.springframework.security.web.context.HttpSessionSecurityContextRepository: No SecurityContext was available from the HttpSession: null. A new one will be created. org.springframework.security.web.FilterChainProxy: /submit-check at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter' org.springframework.security.web.header.writers.HstsHeaderWriter: Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@461e0eb8 org.springframework.security.web.FilterChainProxy: /submit-check at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter' org.springframework.security.web.util.matcher.AntPathRequestMatcher: Checking match of request : '/submit-check'; against '/j_spring_security_logout' org.springframework.security.web.FilterChainProxy: /submit-check at position 5 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter' org.springframework.security.web.util.matcher.AntPathRequestMatcher: Checking match of request : '/submit-check'; against '/j_spring_security_check' org.springframework.security.web.FilterChainProxy: /submit-check at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter' org.springframework.security.web.FilterChainProxy: /submit-check at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' org.springframework.security.web.FilterChainProxy: /submit-check at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' org.springframework.security.web.authentication.AnonymousAuthenticationFilter: Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS' org.springframework.security.web.FilterChainProxy: /submit-check at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter' org.springframework.security.web.session.SessionManagementFilter: Requested session ID 2BB345F22D731DB9A10B0BB65950502D is invalid. org.springframework.security.web.FilterChainProxy: /submit-check at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' org.springframework.security.web.FilterChainProxy: /submit-check at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' org.springframework.security.web.util.matcher.AntPathRequestMatcher: Checking match of request : '/submit-check'; against '/**.html' org.springframework.security.web.access.intercept.FilterSecurityInterceptor: Public object - authentication not attempted org.springframework.security.web.FilterChainProxy: /submit-check reached end of additional filter chain; proceeding with original chain org.springframework.web.servlet.DispatcherServlet: DispatcherServlet with name 'dispatcher' processing POST request for [/ab/submit-check] org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping: Looking up handler method for path /submit-check org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping: Returning handler method [public org.springframework.web.servlet.ModelAndView com.gm.ab.controller.MobileNavigation.save(java.lang.String)] org.springframework.beans.factory.support.DefaultListableBeanFactory: Returning cached instance of singleton bean 'mobileNavigation' org.springframework.web.servlet.DispatcherServlet: Null ModelAndView returned to DispatcherServlet with name 'dispatcher': assuming HandlerAdapter completed request handling org.springframework.web.servlet.DispatcherServlet: Successfully completed request org.springframework.security.web.access.ExceptionTranslationFilter: Chain processed normally org.springframework.security.web.context.HttpSessionSecurityContextRepository: SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession. org.springframework.security.web.context.SecurityContextPersistenceFilter: SecurityContextHolder now cleared, as request processing completed

Cordova 请求

org.springframework.security.web.FilterChainProxy:/submit-check at position 1 of 11 of 11 in additional filter chain;触发过滤器:'WebAsyncManagerIntegrationFilter'org.springframework.security.web.FilterChainProxy:/submit-check 在附加过滤器链中的第 2 个位置,共 11 个;触发过滤器:'SecurityContextPersistenceFilter'org.springframework.security.web.context.HttpSessionSecurityContextRepository:当前不存在 HttpSessionorg.springframework.security.web.context.HttpSessionSecurityContextRepository:HttpSession 中没有可用的 SecurityContext:null.将创建一个新的.org.springframework.security.web.FilterChainProxy:/submit-check 在附加过滤器链中的第 3 个位置,共 11 个;发射过滤器:'HeaderWriterFilter'org.springframework.security.web.header.writers.HstsHeaderWriter:不注入 HSTS 标头,因为它与 requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@461e0eb8 不匹配org.springframework.security.web.FilterChainProxy:/submit-check 在附加过滤器链中的第 4 个位置,共 11 个;发射过滤器:'LogoutFilter'org.springframework.security.web.util.matcher.AntPathRequestMatcher:检查请求匹配:'/submit-check';反对'/j_spring_security_logout'org.springframework.security.web.FilterChainProxy:/submit-check 在附加过滤器链中的第 5 个位置,共 11 个;发射过滤器:'UsernamePasswordAuthenticationFilter'org.springframework.security.web.util.matcher.AntPathRequestMatcher:检查请求匹配:'/submit-check';反对'/j_spring_security_check'org.springframework.security.web.FilterChainProxy:/submit-check 在附加过滤器链的第 6 个位置,共 11 个;发射过滤器:'RequestCacheAwareFilter'org.springframework.security.web.FilterChainProxy:/submit-check 在附加过滤器链中的第 7 个位置,共 11 个;触发过滤器:'SecurityContextHolderAwareRequestFilter'org.springframework.security.web.FilterChainProxy:/submit-check 在附加过滤器链的第 8 个位置,共 11 个;发射过滤器:'AnonymousAuthenticationFilter'org.springframework.security.web.authentication.AnonymousAuthenticationFilter:使用匿名令牌填充 SecurityContextHolder:'org.springframework.security.authentication.AnonymousAuthenticationToken@90550640:主体:anonymousUser;凭据:[受保护];已认证:真实;详细信息:org.springframework.security.web.authentication.WebAuthenticationDetails@7798:RemoteIpAddress:192.168.1.5;会话 ID:空;授予权限:ROLE_ANONYMOUS'org.springframework.security.web.FilterChainProxy:/submit-check 在附加过滤器链中的第 9 个位置,共 11 个;触发过滤器:'SessionManagementFilter'org.springframework.security.web.session.SessionManagementFilter:请求的会话 ID F26DAEDA16CA5DAE443ABF8A4ADD836F 无效.org.springframework.security.web.FilterChainProxy:/submit-check 在附加过滤器链中的第 10 个位置;触发过滤器:'ExceptionTranslationFilter'org.springframework.security.web.FilterChainProxy:/submit-check 在附加过滤器链中的第 11 个位置;发射过滤器:'FilterSecurityInterceptor'org.springframework.security.web.util.matcher.AntPathRequestMatcher:检查请求匹配:'/submit-check';反对'/**.html'org.springframework.security.web.access.intercept.FilterSecurityInterceptor:公共对象 - 未尝试身份验证org.springframework.security.web.FilterChainProxy:/submit-check 到达附加过滤器链的末端;继续原链org.springframework.security.web.access.ExceptionTranslationFilter:链正常处理org.springframework.security.web.context.HttpSessionSecurityContextRepository:SecurityContext 为空或内容是匿名的 - 上下文不会存储在 HttpSession 中.org.springframework.security.web.context.SecurityContextPersistenceFilter:SecurityContextHolder 现在已清除,因为请求处理已完成

org.springframework.security.web.FilterChainProxy: /submit-check at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter' org.springframework.security.web.FilterChainProxy: /submit-check at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' org.springframework.security.web.context.HttpSessionSecurityContextRepository: No HttpSession currently exists org.springframework.security.web.context.HttpSessionSecurityContextRepository: No SecurityContext was available from the HttpSession: null. A new one will be created. org.springframework.security.web.FilterChainProxy: /submit-check at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter' org.springframework.security.web.header.writers.HstsHeaderWriter: Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@461e0eb8 org.springframework.security.web.FilterChainProxy: /submit-check at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter' org.springframework.security.web.util.matcher.AntPathRequestMatcher: Checking match of request : '/submit-check'; against '/j_spring_security_logout' org.springframework.security.web.FilterChainProxy: /submit-check at position 5 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter' org.springframework.security.web.util.matcher.AntPathRequestMatcher: Checking match of request : '/submit-check'; against '/j_spring_security_check' org.springframework.security.web.FilterChainProxy: /submit-check at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter' org.springframework.security.web.FilterChainProxy: /submit-check at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' org.springframework.security.web.FilterChainProxy: /submit-check at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' org.springframework.security.web.authentication.AnonymousAuthenticationFilter: Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@90550640: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@7798: RemoteIpAddress: 192.168.1.5; SessionId: null; Granted Authorities: ROLE_ANONYMOUS' org.springframework.security.web.FilterChainProxy: /submit-check at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter' org.springframework.security.web.session.SessionManagementFilter: Requested session ID F26DAEDA16CA5DAE443ABF8A4ADD836F is invalid. org.springframework.security.web.FilterChainProxy: /submit-check at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' org.springframework.security.web.FilterChainProxy: /submit-check at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' org.springframework.security.web.util.matcher.AntPathRequestMatcher: Checking match of request : '/submit-check'; against '/**.html' org.springframework.security.web.access.intercept.FilterSecurityInterceptor: Public object - authentication not attempted org.springframework.security.web.FilterChainProxy: /submit-check reached end of additional filter chain; proceeding with original chain org.springframework.security.web.access.ExceptionTranslationFilter: Chain processed normally org.springframework.security.web.context.HttpSessionSecurityContextRepository: SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession. org.springframework.security.web.context.SecurityContextPersistenceFilter: SecurityContextHolder now cleared, as request processing completed

日志是相同的,除了来自 Chrome 的请求中的这些行:

The logs are identical, except for these lines which are in the request originating from Chrome:

org.springframework.web.servlet.DispatcherServlet: DispatcherServlet 名为dispatcher"处理 [/ab/submit-check] 的 POST 请求org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping:查找路径/提交检查的处理程序方法org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping:返回处理程序方法[public org.springframework.web.servlet.ModelAndView com.gm.ab.controller.MobileNavigation.save(java.lang.String)]org.springframework.beans.factory.support.DefaultListableBeanFactory:返回单例 bean 'mobileNavigation' 的缓存实例org.springframework.web.servlet.DispatcherServlet:Null ModelAndView 返回给 DispatcherServlet,名为dispatcher":假设 HandlerAdapter 完成请求处理org.springframework.web.servlet.DispatcherServlet:请求成功

org.springframework.web.servlet.DispatcherServlet: DispatcherServlet with name 'dispatcher' processing POST request for [/ab/submit-check] org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping: Looking up handler method for path /submit-check org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping: Returning handler method [public org.springframework.web.servlet.ModelAndView com.gm.ab.controller.MobileNavigation.save(java.lang.String)] org.springframework.beans.factory.support.DefaultListableBeanFactory: Returning cached instance of singleton bean 'mobileNavigation' org.springframework.web.servlet.DispatcherServlet: Null ModelAndView returned to DispatcherServlet with name 'dispatcher': assuming HandlerAdapter completed request handling org.springframework.web.servlet.DispatcherServlet: Successfully completed request

出于某种原因,来自 Cordova 的请求没有被发送到 Spring 的 DispatcherServlet,我不知道为什么不这样做.

For some reason the request originating from Cordova is not being sent to Spring's DispatcherServlet and I am at a loss as to why not.

我已经安装了 Weinre 进行远程调试,Chrome 和 Cordova 发送的请求数据似乎完全相同(尽管 Weinre 遗漏了大部分标头信息).

I have installed Weinre to remote debug and the request data sent by Chrome and Cordova seems to be identical (though Weinre misses off most of the header information).

推荐答案

已设法解决此问题.

问题是在我的 tomcat web.xml(conf 中的 tomcat global web.xml)中有一个 CORS 过滤器.对于不需要存在的 Cordova 应用.

The issue was having a CORS filter in my tomcat web.xml (the tomcat global web.xml in conf). For a Cordova app that doesn't need to be there.

Cordova 通过标头Origin : file://"发送请求.如果在 Tomcat 中设置了 CORS 过滤器,则请求将失败.

Cordova sends a request through having header "Origin : file://". If the CORS filter is set in Tomcat then the request will fail.

从 web.xml 中删除 CORS 过滤器有效,我现在可以发布数据.

Removing the CORS filter from the web.xml works and I can now POST data.

这篇关于Cordova POST - 请求禁止 403.未到达 Dispatcher Servlet的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
服务器开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆