-1

I am using Spring security to do the authentication. From UI if I am posting the username and password in request body then I am geetin HTTP 401 error. But if I am posting username and password in URL then it working fine.

Please find my Spring Security configuration:

     <http auto-config="true"  use-expressions="true">

        <form-login login-processing-url="/rest/auth/j_spring_security_check"
            login-page="/rest/requiredlogin" authentication-failure-handler-ref="authFailureHandler"
            authentication-success-handler-ref="authSuccessHandler"
            username-parameter="username" password-parameter="password" />


        <logout logout-url="/rest/auth/logout" invalidate-session="true" delete-cookies="true" success-handler-ref="authLogOutSuccessHandler"/>

        <csrf disabled="true" />
    </http>

Please find my UI request:

login(userName, password): Observable<any> {

    const loginData = {'username' : userName, 'password' : password};

    const authUrlParam = 'rest/auth/j_spring_security_check';
    return post(authUrlParam, loginData);
  }

post(url: string, data: any): Observable<any> {
    console.log('Posting Data to Server url : ' + environment.serverUrl + url);

    const reqOp: RequestOptions = this.getHeaders();

    const returnResponse = this.http
      .post(environment.serverUrl + url, data, reqOp)
      .map((response: Response) => response.json().data)
      .catch(this.handleError);
    return returnResponse;
  }

I am using following technology:

Spring: 4.3.9.RELEASE Spring Security: 4.2.3.RELEASE Angular: 5.2.7

I am looking for a solution to post credential in body. Otherwise if I post in URL then anyone can see the credential.

UI Request screenshot

Suvonkar
  • 2,440
  • 12
  • 34
  • 44
  • 1
    Did you try passing `username` and `password` as URL search params string to your post request instead of JSON data? e.g using URLSearchParams() – mjlowky Mar 14 '18 at 06:23
  • 2
    I saw that. What I'm saying is instead of `JSON` did you try passing `username=someusername&password=somepassword` string in your post body? – mjlowky Mar 14 '18 at 08:56
  • @mj_1, it works. Thanks. – Suvonkar Mar 14 '18 at 09:15

1 Answers1

0

Finally I have found the solution.

Now my loginData, the credential, which I am posting to server for authentication, is a simple string like "username=someusername&password=somepassword". Also note that I am sending content-type: application/x-www-form-urlencoded in my request.

login(userName, password): Observable<any> {

    const loginData = 'username=' + userName + '&password=' + password;

    const authUrlParam = 'rest/auth/j_spring_security_check';
    return this.ajaxService.postForLogin(authUrlParam, loginData, 'application/x-www-form-urlencoded');
  }

postForLogin(url: string, data: any, contentType: string): Observable<any> {
    console.log('Posting Data to Server url : ' + environment.serverUrl + url);

    const headers = new Headers();
    headers.append('Content-Type', contentType);
    const reqOp = new RequestOptions({ headers: headers, withCredentials: true });

    const returnResponse = this.http
      .post(environment.serverUrl + url, data, reqOp)
      .map((response: Response) => response.json().data)
      .catch(this.handleError);
    return returnResponse;
  }
Suvonkar
  • 2,440
  • 12
  • 34
  • 44