【发布时间】:2017-03-16 13:52:14
【问题描述】:
你有任何访问 https url 的想法吗? 我真的很想完成它。 当我尝试像这样连接到服务器时,服务器发送 403 错误。 我也创建了 .cert 和 .keystore 。 感谢您分享您的想法。
我的服务器代码(控制)
@Log4j
@Controller
@RequestMapping("/v0.1/login")
public class LoginSessionAPI {
@Autowired
UserService service;
@RequestMapping(method = RequestMethod.POST)
public String verify(@RequestParam("id") String id, @RequestParam("pw") String pw) {
String auth = service.excute(id, pw);
return auth;
}
}
客户网站(JavaScript)
function getService(userId, userPw, ipPort){
var protocol = "https://"
var HOST = protocol + ipPort + "/v0.1/login";
console.log("HOST : "+HOST);
var loginAuth;
var loginJson = new Object();
loginJson.id = userId;
loginJson.pw = userPw;
var loginRequest = new XMLHttpRequest();
loginRequest.onreadystatechange = function(){
// process the server response
console.log("status : "+loginRequest.status);
if (loginRequest.status == 200) {
console.log("object : "+loginRequest.responseText);
if(loginRequest.responseText === ""){
}else{
var responseLoginJson = eval("("+loginRequest.responseText+")");
loginAuth = responseLoginJson.loginAuth;
}
} else {
console.log("failed");
}
};
loginRequest.open("POST", HOST, false);
loginRequest.setRequestHeader("Content-Type", "application/json;charset=UTF-8");
console.log(loginJson);
loginRequest.send(JSON.stringify(loginJson));
}
And then,
I call getService(id, pw, ipPort) function.
我创建了 SSL 认证。
应用程序.properties
server.port=8443
server.ssl.key-store=keystore.jks
server.ssl.key-store-password=123456
server.ssl.key-password=123456
server.ssl.key-alias=tomcat
server.ssl.trust-store=cacerts.jks
server.ssl.trust-store-password=123456
server.ssl.protocol=TLS
server.ssl.ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_25\u200C\u200B6_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA
【问题讨论】:
-
从浏览器附加日志
-
{"timestamp":1478303640819,"status":403,"error":"Forbidden","message":"未找到预期的 CSRF 令牌。您的会话是否已过期?","path" :"/action/register"}"
-
我附上了这个标题,但仍有问题。 var header = $("meta[name='_csrf_header']").attr("content"); var token = $("meta[name='_csrf']").attr("content"); loginRequest.setRequestHeader(header, token);
-
Spring boot的版本是v1.3.3.RELEASE
标签: javascript java spring ssl