java - HTTPie fails in Cron when hitting Spring Security service with CSRF protection enabled -
i have spring boot application, secured spring security. have bash script i'm running periodically data rest endpoint. script runs fine either user or root, when plug cron, fails http 403.
my simplified test script:
#! /bin/bash http <my host>/api/characters &> /home/sam/httperror
the error httpie gives in cron:
{"timestamp":1502762821997,"status":403,"error":"forbidden","message":"could not verify provided csrf token because session not found.","path":"/api/characters"}
here security configuration:
@override protected void configure(httpsecurity http) throws exception { http .authorizerequests() .antmatchers("/css/**", "/js/**", "/api/**", "/favicon.ico", "/favicon.png").permitall() .antmatchers("/login*").anonymous() .antmatchers("/**").authenticated() .and() .formlogin() .loginpage("/login.html") .loginprocessingurl("/login") .defaultsuccessurl("/") .and() .logout() .deletecookies("jsessionid") .and() .rememberme() .key(remembermekey); }
here controller method:
@getmapping public list<dndcharactersummary> getcharacters(@requestparam(required = false) string owner) { if (null == owner) { return charrepo.findbyidisnotnull(); } return charrepo.findbyowner(owner); }
by understanding, csrf shouldn't affect requests @ all.
also, have never hit endpoint machine other via command, there shouldn't different stored session/cookie info on user.
Comments
Post a Comment