0

I'm a little new in Java Spring. What I want to do is as follows: Some 3rd party is asking a "return URL" from me and I set it as follows: https://localhost:9002/my-account/order-history Then they send me a POST request and I'm supposed to handle it within my controller. The request has both url parameters and a form data. The request is 

Request URL:https://localhost:9002/my-account/order-history?responseCode=0000&token=E0ECFC1214B19E5D11B9B587920FC5F164C5CB17E7DC67F083E0EC6676F79467DFBDF4B6CCF3C39BF47F0232D1AA42F1FA112F29B0157DDF98EE3997F781CCB1FEB070A44E530691BA36674BEA4CF56A4A43F2B9746D9C3591CF288D745A6694
Request Method:POST
Status Code:403 Bad or missing CSRF token
Remote Address:127.0.0.1:9002
Referrer Policy:no-referrer-when-downgrade

A part of the form data is:

I added the whole form data and other request info as attachment.

The controller I'm desperately trying to use is as follows:

@Controller
@RequestMapping(value = "/my-account")
public class MaviAccountPageController extends MaviAbstractController
{
    @RequestMapping(value = "/order-history", method = RequestMethod.POST)
    public ModelAndView process(@RequestBody final String req)
    {
        //consumes = "text/plain"
        System.out.println(req);
        System.out.println(req);
        return new ModelAndView("deneme");
    }
    ....
}

And I keep getting 403 - Bad or missing CSRF token error. How should I implement my controller? I have checked below links and they did not work out unfortunately: How to retrieve FORM/POST Parameters in Spring Controller? How to explicitly obtain post data in Spring MVC?

I tried, but failed to regenerate issue on postman. Can anyone, please, advise me about how to move on?

Dogugun Ozkaya
  • 43
  • 1
  • 7
  • check these https://stackoverflow.com/questions/22555110/csrf-cross-site-request-forgery-protection-in-spring-mvc https://spring.io/blog/2013/08/21/spring-security-3-2-0-rc1-highlights-csrf-protection/ – pvpkiran Nov 24 '17 at 15:06
  • The links you've checked are not related to error you've got. You should search for what that error means, not how to obtain parameters from request. – M. Prokhorov Nov 24 '17 at 15:11
  • Thank you but the 3rd party refuses to add the "" line in their form. I think I will try the below answer for @CrossOrigin annotation. – Dogugun Ozkaya Nov 24 '17 at 16:38
  • I tried this [link](https://stackoverflow.com/questions/29389031/cross-origin-request-blocked-spring-rest-service-ajax) yet did not work neither. – Dogugun Ozkaya Nov 24 '17 at 18:34
  • The error has nothing to do with Spring configuration i think , Its a CSRF token issue – Vipin CP Nov 25 '17 at 14:15
  • Thanks. so how can I search this issue? I tried some solutions about cors, but did not work. – Dogugun Ozkaya Nov 25 '17 at 21:01

1 Answers1

0

you can annotate your method with @CrossOrigin

@CrossOrigin
@RequestMapping(value = "/order-history", method = RequestMethod.POST)
public ModelAndView process(@RequestBody final String req)
{
    //consumes = "text/plain"
    System.out.println(req);
    System.out.println(req);
    return new ModelAndView("deneme");
}

https://spring.io/guides/gs/rest-service-cors/

Amr Alaa
  • 545
  • 3
  • 7
  • Thank you for the great article. However hybris does not allow me to add below code to my external-dependencies(pom.xml of hybris). org.springframework.boot spring-boot-starter-parent 1.5.8.RELEASE – Dogugun Ozkaya Nov 24 '17 at 18:00