3

Getting 403 forbidden for below code, though "https://jsonplaceholder.typicode.com/posts/1" works in postman

@ComponentScan
@EnableAutoConfiguration
public class Application {
    public static void main(String[] args) {

        RestTemplate rt = new RestTemplate();
        HttpHeaders headers = new HttpHeaders();
        headers.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));
        HttpEntity<String> entity = new HttpEntity<String>("parameters", headers);
        String url = "https://jsonplaceholder.typicode.com/posts/1";
        ResponseEntity<String> res = rt.exchange(url, HttpMethod.GET, entity, String.class);

        System.out.println(res);
    }
}

Error:

23:28:21.447 [main] DEBUG o.s.web.client.RestTemplate - Created GET request for "https://jsonplaceholder.typicode.com/posts/1"
23:28:21.452 [main] DEBUG o.s.web.client.RestTemplate - Setting request Accept header to [text/plain, application/json, application/*+json, */*]
23:28:21.452 [main] DEBUG o.s.web.client.RestTemplate - Writing [parameters] using [org.springframework.http.converter.StringHttpMessageConverter@3234e239]
23:28:21.855 [main] WARN  o.s.web.client.RestTemplate - GET request for "https://jsonplaceholder.typicode.com/posts/1" resulted in 403 (Forbidden); invoking error handler
Exception in thread "main" org.springframework.web.client.HttpClientErrorException: 403 Forbidden
    at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:91)
    at org.springframework.web.client.RestTemplate.handleResponseError(RestTemplate.java:598)
    at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:556)
    at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:512)
    at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:454)
    at restFulWS.Application.main(Application.java:21)

Updated: Header snapshot from postman

Access-Control-Allow-Credentials →true
CF-Cache-Status →HIT
CF-RAY →2cfd2d4919e72dcd-BOM
Cache-Control →public, max-age=14400
Connection →keep-alive
Content-Encoding →gzip
Content-Type →application/json; charset=utf-8
Date →Tue, 09 Aug 2016 18:12:32 GMT
Etag →W/"134-PYMqYXMMQ68yDudiuhsVPg"
Expires →Tue, 09 Aug 2016 22:12:32 GMT
Pragma →no-cache
Server →cloudflare-nginx
Transfer-Encoding →chunked
Vary →Accept-Encoding
Via →1.1 vegur
X-Content-Type-Options →nosniff
X-Powered-By →Express

If someone can suggest, what i need to add in my code

sr7
  • 219
  • 1
  • 5
  • 13
  • what is your post man header values? or try ResponseEntity res = rt.exchange(url, HttpMethod.POST, entity, String.class); – kuhajeyan Aug 09 '16 at 18:09
  • 3
    403 Forbidden means your user either doesn't have permissions to do this action or no user has permissions to perform this action. If this is working on `postman` then there is something going wrong when you insert your authentication headers. – Susannah Potts Aug 09 '16 at 18:11
  • GET /posts?id=1 HTTP/1.1 Host: jsonplaceholder.typicode.com Cache-Control: no-cache Postman-Token: d96adb00-b143-8674-c32a-1ade941d33ea is from postman – sr7 Aug 09 '16 at 18:13
  • same error with POST as well.. – sr7 Aug 09 '16 at 18:15
  • seems you are sending a token in postman, but not with your code implementation – kuhajeyan Aug 09 '16 at 18:28
  • could you let me know how to generate and add token pls – sr7 Aug 09 '16 at 18:34
  • 1
    @kuhajeyan `postman-token` is a postman used token that shouldn't affect the `REST` function. It's generated with every postman call. Having used Postman to develop an HTTP java Rest Call, I can verify that it should not be required programatically. – Susannah Potts Aug 09 '16 at 18:39
  • @sr7 Try replacing the url you're using: `https://jsonplaceholder.typicode.com/posts/1` with: `https://jsonplaceholder.typicode.com/posts?id=1` – Susannah Potts Aug 09 '16 at 18:43
  • @SusannahPotts still same error: 00:17:19.472 [main] WARN o.s.web.client.RestTemplate - GET request for (https://jsonplaceholder.typicode.com/posts?id=1) resulted in 403 (Forbidden); invoking error handler Exception in thread "main" org.springframework.web.client.HttpClientErrorException: 403 Forbidden – sr7 Aug 09 '16 at 18:48
  • 1
    @sr7 Darn. Well I'm not sure what it is then. You can use postman to generate the code to give you a basis though. Click the `Generate Code` link under `Save` and select `Java OK HTTP` and it will show you, roughly, what the request looks like in Java. – Susannah Potts Aug 09 '16 at 18:50
  • hmm..okey..thanks for ur time – sr7 Aug 09 '16 at 19:03
  • surprisingly it worked with different url 00:47:55.907 [main] DEBUG o.s.web.client.RestTemplate - Writing [{"status":"testStatus2"}] as "application/json" using [org.springframework.http.converter.StringHttpMessageConverter@53f65459] 00:47:56.587 [main] DEBUG o.s.web.client.RestTemplate - GET request for "http://data.fcc.gov/api/block/find?latitude=39.9936&longitude=-105.0892&showall=false&format=json" resulted in 200 (OK) 0 – sr7 Aug 09 '16 at 19:21

1 Answers1

27

Try to add a "User-Agent" header to your request. You can either try to set a custom user agent value or use some value that identifies a Browser like "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"

@ComponentScan
@EnableAutoConfiguration
public class Application {
    public static void main(String[] args) {
        RestTemplate rt = new RestTemplate();
        HttpHeaders headers = new HttpHeaders();
        headers.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));
        headers.add("user-agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36");
        HttpEntity<String> entity = new HttpEntity<String>("parameters", headers);
        String url = "https://jsonplaceholder.typicode.com/posts/1";
        ResponseEntity<String> res = rt.exchange(url, HttpMethod.GET, entity, String.class);
        System.out.println(res);
    }
}
user3655884
  • 139
  • 1
  • 9
P.J.Meisch
  • 18,013
  • 6
  • 50
  • 66
  • That was brilliant!!! But, why??? Please (PLEASE!), explain. – Almir Campos Jun 05 '18 at 17:55
  • 1
    @AlmirCampos: there is no specification for this behaviour, at least I ahve not found any. I think this is an (not really working) attempt to block spidering programs and scrapers from accessing a website, as these programs - at least in earlier times - did not send a user agent header. But as you see, this can easily be overcome and today only is a pita. – P.J.Meisch Jun 06 '18 at 12:11
  • Awesome @P.J.Meisch. You saved my life. I was stuck on this for more than three days. – Hemant Nagpal Nov 13 '20 at 21:59
  • it helped me a lot !!! – Viraj Dhamal May 15 '21 at 18:34