0

I have a problem sending a POST request with the curl command.

     @RequestMapping(value = "/abc/def/{parameter}/enum", method = RequestMethod.POST)
     public ResponseEntity<classA> function(@PathVariable(value = "parameter") int parameter, @RequestBody String parameter2) {
         a = list.get(parameter);
         a.setParameter(enumA.getValue(parameter2));
         ResponseEntity<classA> response = new ResponseEntity<>(a, HttpStatus.OK);
         return response;
     }

Then I want to send a POST with the curl command:

     curl -H "Content-Type: application/json" -X POST -d '{"parameter2" : "enum"}' https://user:password@localhost:port/abc/def/1/enum -k

I get response:

     {"timestamp":123456789,"status":403,"error":"Forbidden","message":"Expected CSRF token not found. Has your session expired?","path":"/abc/def/1/enum/"}

Ideas?

1
  • Try this: curl -H "Content-Type: application/json" -X POST -d '{"parameter2" : "enum"}' -u username:password https://localhost:port/abc/def/1/enum Commented Sep 24, 2015 at 8:49

1 Answer

1

The problem is:

Expected CSRF token not found.

Your application (Spring MVC, as I can see) has CSRF protection enabled, so you need to send the "_csrf" param with the POST. More info at:
http://docs.spring.io/spring-security/site/docs/current/reference/html/csrf.html
https://spring.io/blog/2013/08/21/spring-security-3-2-0-rc1-highlights-csrf-protection/

The CSRF token value changes with the user session. If you want to see this CSRF token, you can visit your application with a web browser and look at the HTML code of your page; in the form tag you will see something like this:

     <input type="hidden"
         name="_csrf"
         value="964f8675-a57a-4f85-b196-976d71ffef96" />

So you need to send this param within your POST.

     curl -H "Content-Type: application/json" -X POST -d '{"parameter2" : "enum","_csrf":"964f8675-a57a-4f85-b196-976d71ffef96"}' -u username:password https://localhost:port/abc/def/1/enum

CARE!: as I said, this token will change with the user session, so you will not be able to use the same token always.
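
The flow described in the answer, as an added example that is not part of the original answer: fetch a page that renders the token, keep the session cookie it belongs to, and send the token back with the POST. It sends the token in the X-CSRF-TOKEN header, the default header name Spring Security checks alongside the _csrf request parameter; the form page path, port and credentials in the usage comment are placeholders, and both function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not code from the question or answer.

# Print the value of the hidden _csrf input found in HTML read from stdin.
# Accepts quoted or unquoted attributes, with name= placed before value=.
# Prints nothing when the page carries no token.
extract_csrf() {
    { tr '\n' ' '; echo; } |
        sed -n "s|.*name= *[\"']\{0,1\}_csrf[\"']\{0,1\} *value= *[\"']\{0,1\}\([^\"' />]*\).*|\1|p"
}

# Fetch the token and the session it is bound to, then POST with both.
# Arguments: base URL, path of a page that renders the form (assumed to
# exist), API path, JSON body, user:password.
post_with_csrf() {
    local base_url="$1" form_path="$2" api_path="$3" body="$4" creds="$5"
    local jar token rc
    jar=$(mktemp) || return 1
    # GET the form page; -c stores the session cookie the token is tied to.
    # For a self-signed development certificate add --cacert <file>
    # rather than disabling verification with -k.
    token=$(curl -s -u "$creds" -c "$jar" "$base_url$form_path" | extract_csrf)
    if [ -z "$token" ]; then
        echo "no _csrf token found at $form_path" >&2
        rm -f "$jar"
        return 1
    fi
    # POST in the same session (-b) with the token in the request header.
    curl -s -u "$creds" -b "$jar" \
        -H "Content-Type: application/json" \
        -H "X-CSRF-TOKEN: $token" \
        -X POST -d "$body" "$base_url$api_path"
    rc=$?
    rm -f "$jar"
    return "$rc"
}

# Runs only when called with all five arguments, for example:
#   ./csrf_post.sh https://localhost:PORT /form-page /abc/def/1/enum \
#       '{"parameter2" : "enum"}' username:password
if [ "$#" -eq 5 ]; then
    post_with_csrf "$@"
fi
```

Because the token is fetched on every run, the script keeps working after the session, and with it the token, has changed.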
