Cordova POST - Request Forbidden 403.未达到Dispatcher Servlet [英] Cordova POST - Request Forbidden 403. Not reaching Dispatcher Servlet

查看:2458
本文介绍了Cordova POST - Request Forbidden 403.未达到Dispatcher Servlet的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在开发一个Cordova应用程序。

I am developing a Cordova application.

当我从运行在我的物理设备(不是模拟器)上的Cordova应用程序提交$ .ajax POST请求时,状态代码403被禁止。

When I submit an $.ajax POST request from the Cordova app running on my physical device (not emulator) I receive a status code 403 forbidden.

我可以从设备发出GET请求没有问题。我也可以使用POST登录(接收302个找到的响应)。

I can make a GET request from the device no problem. I can also login using a POST (receiving a 302 Found Response).

来自Chrome的请求被完美处理。

Requests from Chrome are handled perfectly.

我使用的是Spring / Tomcat。我已经添加CORS过滤器到我的tomcat web.xml,并添加了allow-origins *到我的config.xml在Cordova。

I am using Spring / Tomcat. I have added CORS filter to my tomcat web.xml, and have added allow-origins * to my config.xml in Cordova.

下面是我生产的日志提取首先从Chrome,然后从我的设备发出POST请求。

Below is the log extracts produced when I make the POST request, first from Chrome, secondly from my Device.

Chrome请求


org.springframework.security.web.FilterChainProxy:/ submit-check在附加过滤器链中的位置1的11;启动过滤器:'WebAsyncManagerIntegrationFilter'
org.springframework.security.web.FilterChainProxy:/ submit-check在附加过滤器链中的位置2的11;激活过滤器:'SecurityContextPersistenceFilter'
org.springframework.security.web.context.HttpSessionSecurityContextRepository:没有HttpSession当前存在
org.springframework.security.web.context.HttpSessionSecurityContextRepository:没有SecurityContext可从HttpSession:空值。将创建一个新的。
org.springframework.security.web.FilterChainProxy:/ submit-check在附加过滤器链中的位置3的11;烧写过滤器:'HeaderWriterFilter'
org.springframework.security.web.header.writers.HstsHeaderWriter:没有注入HSTS头,因为它不匹配requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter $ SecureRequestMatcher @ 461e0eb8
org.springframework.security.web.FilterChainProxy:/ submit-check在附加过滤器链中的位置4的11处;烧写过滤器:'LogoutFilter'
org.springframework.security.web.util.matcher.AntPathRequestMatcher:检查请求的匹配:'/ submit-check';对于'/ j_spring_security_logout'
org.springframework.security.web.FilterChainProxy:/ submit-check在附加过滤器链中的位置5的11;启动过滤器:'UsernamePasswordAuthenticationFilter'
org.springframework.security.web.util.matcher.AntPathRequestMatcher:检查请求的匹配:'/ submit-check';对于'/ j_spring_security_check'
org.springframework.security.web.FilterChainProxy:/ submit-check在附加过滤器链中的位置6的11;激发过滤器:'RequestCacheAwareFilter'
org.springframework.security.web.FilterChainProxy:/ submit-check在附加过滤器链中的位置7的11;发射过滤器:'SecurityContextHolderAwareRequestFilter'
org.springframework.security.web.FilterChainProxy:/ submit-check在附加过滤器链中的位置8的11;启动过滤器:'AnonymousAuthenticationFilter'
org.springframework.security.web.authentication.AnonymousAuthenticationFilter:使用匿名令牌填充的SecurityContextHolder:'org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc:Principal:anonymousUser;凭证:[PROTECTED];验证:true;详细信息:org.springframework.security.web.authentication.WebAuthenticationDetails@b364:RemoteIpAddress:0:0:0:0:0:0:0:1; sessionId:null;授予权限:ROLE_ANONYMOUS'
org.springframework.security.web.FilterChainProxy:/提交检查在附加过滤器链中的位置9的11;启动过滤器:'SessionManagementFilter'
org.springframework.security.web.session.SessionManagementFilter:请求的会话ID 2BB345F22D731DB9A10B0BB65950502D无效。
org.springframework.security.web.FilterChainProxy:/ submit-check在附加过滤器链中11的位置10;发布过滤器:'ExceptionTranslationFilter'
org.springframework.security.web.FilterChainProxy:/ submit-check在11位置的附加过滤器链;激发过滤器:'FilterSecurityInterceptor'
org.springframework.security.web.util.matcher.AntPathRequestMatcher:检查请求的匹配:'/ submit-check';反对'/**.html'
org.springframework.security.web.access.intercept.FilterSecurityInterceptor:公共对象 - 未尝试认证
org.springframework.security.web.FilterChainProxy:/ submit-check到达附加滤波链的末端;继续原始链
org.springframework.web.servlet.DispatcherServlet:DispatcherServlet,名称为'dispatcher'处理POST请求[/ ab / submit-check]
org.springframework.web.servlet.mvc。 method.annotation.RequestMappingHandlerMapping:查找路径/提交检查的处理程序方法
org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping:返回处理程序方法[public org.springframework.web.servlet.ModelAndView com.gm.ab.controller.MobileNavigation.save(java.lang.String)]
org.springframework.beans.factory.support.DefaultListableBeanFactory:返回单例bean的缓存实例'mobileNavigation'
org。 springframework.web.servlet.DispatcherServlet:Null ModelAndView返回给DispatcherServlet,名称为'dispatcher':假设HandlerAdapter完成了请求处理
org.springframework.web.servlet.DispatcherServlet:成功完成请求
org.springframework.security .web.access.ExceptionTranslationFilter:Chain正常处理
org.springframework.security.web.context.HttpSessionSecurityContextRepository:SecurityContext为空或内容为匿名 - 上下文不会存储在HttpSession中。
org.springframework.security.web.context.SecurityContextPersistenceFilter:SecurityContextHolder现在清除,请求处理完成

org.springframework.security.web.FilterChainProxy: /submit-check at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter' org.springframework.security.web.FilterChainProxy: /submit-check at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' org.springframework.security.web.context.HttpSessionSecurityContextRepository: No HttpSession currently exists org.springframework.security.web.context.HttpSessionSecurityContextRepository: No SecurityContext was available from the HttpSession: null. A new one will be created. org.springframework.security.web.FilterChainProxy: /submit-check at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter' org.springframework.security.web.header.writers.HstsHeaderWriter: Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@461e0eb8 org.springframework.security.web.FilterChainProxy: /submit-check at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter' org.springframework.security.web.util.matcher.AntPathRequestMatcher: Checking match of request : '/submit-check'; against '/j_spring_security_logout' org.springframework.security.web.FilterChainProxy: /submit-check at position 5 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter' org.springframework.security.web.util.matcher.AntPathRequestMatcher: Checking match of request : '/submit-check'; against '/j_spring_security_check' org.springframework.security.web.FilterChainProxy: /submit-check at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter' org.springframework.security.web.FilterChainProxy: /submit-check at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' org.springframework.security.web.FilterChainProxy: /submit-check at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' org.springframework.security.web.authentication.AnonymousAuthenticationFilter: Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS' org.springframework.security.web.FilterChainProxy: /submit-check at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter' org.springframework.security.web.session.SessionManagementFilter: Requested session ID 2BB345F22D731DB9A10B0BB65950502D is invalid. org.springframework.security.web.FilterChainProxy: /submit-check at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' org.springframework.security.web.FilterChainProxy: /submit-check at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' org.springframework.security.web.util.matcher.AntPathRequestMatcher: Checking match of request : '/submit-check'; against '/**.html' org.springframework.security.web.access.intercept.FilterSecurityInterceptor: Public object - authentication not attempted org.springframework.security.web.FilterChainProxy: /submit-check reached end of additional filter chain; proceeding with original chain org.springframework.web.servlet.DispatcherServlet: DispatcherServlet with name 'dispatcher' processing POST request for [/ab/submit-check] org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping: Looking up handler method for path /submit-check org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping: Returning handler method [public org.springframework.web.servlet.ModelAndView com.gm.ab.controller.MobileNavigation.save(java.lang.String)] org.springframework.beans.factory.support.DefaultListableBeanFactory: Returning cached instance of singleton bean 'mobileNavigation' org.springframework.web.servlet.DispatcherServlet: Null ModelAndView returned to DispatcherServlet with name 'dispatcher': assuming HandlerAdapter completed request handling org.springframework.web.servlet.DispatcherServlet: Successfully completed request org.springframework.security.web.access.ExceptionTranslationFilter: Chain processed normally org.springframework.security.web.context.HttpSessionSecurityContextRepository: SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession. org.springframework.security.web.context.SecurityContextPersistenceFilter: SecurityContextHolder now cleared, as request processing completed

Cordova请求


org.springframework.security.web.FilterChainProxy:/ submit-check在附加筛选器的位置1链;启动过滤器:'WebAsyncManagerIntegrationFilter'
org.springframework.security.web.FilterChainProxy:/ submit-check在附加过滤器链中的位置2的11;激活过滤器:'SecurityContextPersistenceFilter'
org.springframework.security.web.context.HttpSessionSecurityContextRepository:没有HttpSession当前存在
org.springframework.security.web.context.HttpSessionSecurityContextRepository:没有SecurityContext可从HttpSession:空值。将创建一个新的。
org.springframework.security.web.FilterChainProxy:/ submit-check在附加过滤器链中的位置3的11;烧写过滤器:'HeaderWriterFilter'
org.springframework.security.web.header.writers.HstsHeaderWriter:没有注入HSTS头,因为它不匹配requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter $ SecureRequestMatcher @ 461e0eb8
org.springframework.security.web.FilterChainProxy:/ submit-check在附加过滤器链中的位置4的11处;烧写过滤器:'LogoutFilter'
org.springframework.security.web.util.matcher.AntPathRequestMatcher:检查请求的匹配:'/ submit-check';对于'/ j_spring_security_logout'
org.springframework.security.web.FilterChainProxy:/ submit-check在附加过滤器链中的位置5的11;启动过滤器:'UsernamePasswordAuthenticationFilter'
org.springframework.security.web.util.matcher.AntPathRequestMatcher:检查请求的匹配:'/ submit-check';对于'/ j_spring_security_check'
org.springframework.security.web.FilterChainProxy:/ submit-check在附加过滤器链中的位置6的11;激发过滤器:'RequestCacheAwareFilter'
org.springframework.security.web.FilterChainProxy:/ submit-check在附加过滤器链中的位置7的11;发射过滤器:'SecurityContextHolderAwareRequestFilter'
org.springframework.security.web.FilterChainProxy:/ submit-check在附加过滤器链中的位置8的11;烧写过滤器:'AnonymousAuthenticationFilter'
org.springframework.security.web.authentication.AnonymousAuthenticationFilter:使用匿名令牌填充的SecurityContextHolder:'org.springframework.security.authentication.AnonymousAuthenticationToken@90550640:Principal:anonymousUser;凭证:[PROTECTED];验证:true;详细信息:org.springframework.security.web.authentication.WebAuthenticationDetails@7798:RemoteIpAddress:192.168.1.5; SessionId:null;授予权限:ROLE_ANONYMOUS'
org.springframework.security.web.FilterChainProxy:/提交检查在附加过滤器链中的位置9的11;激发过滤器:'SessionManagementFilter'
org.springframework.security.web.session.SessionManagementFilter:请求的会话ID F26DAEDA16CA5DAE443ABF8A4ADD836F无效。
org.springframework.security.web.FilterChainProxy:/ submit-check在附加过滤器链中11的位置10;发布过滤器:'ExceptionTranslationFilter'
org.springframework.security.web.FilterChainProxy:/ submit-check在11位置的附加过滤器链;激发过滤器:'FilterSecurityInterceptor'
org.springframework.security.web.util.matcher.AntPathRequestMatcher:检查请求的匹配:'/ submit-check';反对'/**.html'
org.springframework.security.web.access.intercept.FilterSecurityInterceptor:公共对象 - 未尝试认证
org.springframework.security.web.FilterChainProxy:/ submit-check到达附加滤波链的末端;继续原链
org.springframework.security.web.access.ExceptionTranslationFilter:链处理正常
org.springframework.security.web.context.HttpSessionSecurityContextRepository:SecurityContext是空的或内容是匿名的 - 上下文不会存储在HttpSession中。
org.springframework.security.web.context.SecurityContextPersistenceFilter:SecurityContextHolder现在清除,请求处理完成

org.springframework.security.web.FilterChainProxy: /submit-check at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter' org.springframework.security.web.FilterChainProxy: /submit-check at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' org.springframework.security.web.context.HttpSessionSecurityContextRepository: No HttpSession currently exists org.springframework.security.web.context.HttpSessionSecurityContextRepository: No SecurityContext was available from the HttpSession: null. A new one will be created. org.springframework.security.web.FilterChainProxy: /submit-check at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter' org.springframework.security.web.header.writers.HstsHeaderWriter: Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@461e0eb8 org.springframework.security.web.FilterChainProxy: /submit-check at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter' org.springframework.security.web.util.matcher.AntPathRequestMatcher: Checking match of request : '/submit-check'; against '/j_spring_security_logout' org.springframework.security.web.FilterChainProxy: /submit-check at position 5 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter' org.springframework.security.web.util.matcher.AntPathRequestMatcher: Checking match of request : '/submit-check'; against '/j_spring_security_check' org.springframework.security.web.FilterChainProxy: /submit-check at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter' org.springframework.security.web.FilterChainProxy: /submit-check at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' org.springframework.security.web.FilterChainProxy: /submit-check at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' org.springframework.security.web.authentication.AnonymousAuthenticationFilter: Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@90550640: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@7798: RemoteIpAddress: 192.168.1.5; SessionId: null; Granted Authorities: ROLE_ANONYMOUS' org.springframework.security.web.FilterChainProxy: /submit-check at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter' org.springframework.security.web.session.SessionManagementFilter: Requested session ID F26DAEDA16CA5DAE443ABF8A4ADD836F is invalid. org.springframework.security.web.FilterChainProxy: /submit-check at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' org.springframework.security.web.FilterChainProxy: /submit-check at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' org.springframework.security.web.util.matcher.AntPathRequestMatcher: Checking match of request : '/submit-check'; against '/**.html' org.springframework.security.web.access.intercept.FilterSecurityInterceptor: Public object - authentication not attempted org.springframework.security.web.FilterChainProxy: /submit-check reached end of additional filter chain; proceeding with original chain org.springframework.security.web.access.ExceptionTranslationFilter: Chain processed normally org.springframework.security.web.context.HttpSessionSecurityContextRepository: SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession. org.springframework.security.web.context.SecurityContextPersistenceFilter: SecurityContextHolder now cleared, as request processing completed

日志除了来自Chrome的请求中的这些行:

The logs are identical, except for these lines which are in the request originating from Chrome:


org.springframework.web.servlet.DispatcherServlet:DispatcherServlet名称'dispatcher'处理[/ ab / submit-check]的POST请求
org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping:查找路径/提交检查的处理程序方法
org .springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping:返回处理程序方法[public org.springframework.web.servlet.ModelAndView com.gm.ab.controller.MobileNavigation.save(java.lang.String)]
org.springframework.beans.factory.support.DefaultListableBeanFactory:返回单例bean的缓存实例'mobileNavigation'
org.springframework.web.servlet.DispatcherServlet:Null ModelAndView返回给DispatcherServlet,名称为'dispatcher':假设HandlerAdapter已完成的请求处理
org.springframework.web.servlet.DispatcherServlet:已成功完成请求

org.springframework.web.servlet.DispatcherServlet: DispatcherServlet with name 'dispatcher' processing POST request for [/ab/submit-check] org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping: Looking up handler method for path /submit-check org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping: Returning handler method [public org.springframework.web.servlet.ModelAndView com.gm.ab.controller.MobileNavigation.save(java.lang.String)] org.springframework.beans.factory.support.DefaultListableBeanFactory: Returning cached instance of singleton bean 'mobileNavigation' org.springframework.web.servlet.DispatcherServlet: Null ModelAndView returned to DispatcherServlet with name 'dispatcher': assuming HandlerAdapter completed request handling org.springframework.web.servlet.DispatcherServlet: Successfully completed request

由于某种原因,

我已经安装了Weinre远程调试和Chrome和Cordova发送的请求数据似乎是相同的(虽然Weinre缺少大部分头信息)。

I have installed Weinre to remote debug and the request data sent by Chrome and Cordova seems to be identical (though Weinre misses off most of the header information).

推荐答案

问题是在我的tomcat web.xml中有一个CORS过滤器(在conf中的tomcat全局web.xml)。对于不需要在那里的Cordova应用程式。

The issue was having a CORS filter in my tomcat web.xml (the tomcat global web.xml in conf). For a Cordova app that doesn't need to be there.

Cordova通过标题Origin:file://发送请求。如果CORS过滤器在Tomcat中设置,则请求将失败。

Cordova sends a request through having header "Origin : file://". If the CORS filter is set in Tomcat then the request will fail.

从web.xml中移除CORS过滤器,现在我可以POST数据。

Removing the CORS filter from the web.xml works and I can now POST data.

这篇关于Cordova POST - Request Forbidden 403.未达到Dispatcher Servlet的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
服务器开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆