java - HTTPie fails in Cron when hitting Spring Security service with CSRF protection enabled -


i have spring boot application, secured spring security. have bash script i'm running periodically data rest endpoint. script runs fine either user or root, when plug cron, fails http 403.

my simplified test script:

#! /bin/bash  http <my host>/api/characters &> /home/sam/httperror 

the error httpie gives in cron:

{"timestamp":1502762821997,"status":403,"error":"forbidden","message":"could not verify provided csrf token because session not found.","path":"/api/characters"} 

here security configuration:

@override protected void configure(httpsecurity http) throws exception {     http         .authorizerequests()             .antmatchers("/css/**", "/js/**", "/api/**", "/favicon.ico", "/favicon.png").permitall()             .antmatchers("/login*").anonymous()             .antmatchers("/**").authenticated()     .and()         .formlogin()             .loginpage("/login.html")             .loginprocessingurl("/login")             .defaultsuccessurl("/")     .and()         .logout()             .deletecookies("jsessionid")     .and()         .rememberme()             .key(remembermekey); } 

here controller method:

@getmapping public list<dndcharactersummary> getcharacters(@requestparam(required = false) string owner) {     if (null == owner) {         return charrepo.findbyidisnotnull();     }      return charrepo.findbyowner(owner); } 

by understanding, csrf shouldn't affect requests @ all.

also, have never hit endpoint machine other via command, there shouldn't different stored session/cookie info on user.


Comments

Popular posts from this blog

android - InAppBilling registering BroadcastReceiver in AndroidManifest -

python Tkinter Capturing keyboard events save as one single string -

sql server - Why does Linq-to-SQL add unnecessary COUNT()? -