1. 首页
  2. 问答
  3. GET请求被禁止的,而POST请求经过精细

GET请求被禁止的,而POST请求经过精细

2013-07-21 89 views
1

在我的web应用程序,我需要调用到一个不同的Web服务(开发/由我管理)来启动/通过REST API的管理资源。 Web服务在tomcat6上运行。我可以从浏览器日志中看到POST请求正在通过,但GET请求正被禁止。如果我从Web服务本身进行相同的调用,那么我没有看到任何问题。我已经定义了跨源过滤器的tomcat6和支持的方法提到太,但仍问题仍然存在..GET请求被禁止的,而POST请求经过精细

我已经定义了跨起源过滤这种方式在应用服务器层面本身的web.xml文件。我正在使用http://software.dzhuvinov.com/cors-filter.html的CORS过滤器库。这是一个tomcat6中的服务器和过滤器已在($ TOMCAT6_HOME/conf目录/ web.xml)中定义如下

<filter> 
    <filter-name>CORS</filter-name> 
    <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class> 
    <init-param> 
    <param-name>cors.allowOrigin</param-name> 
     <param-value>*</param-value> 
    </init-param> 
    <init-param> 
    <param-name>cors.supportedMethods</param-name> 
     <param-value>GET, POST, HEAD, PUT, DELETE, OPTIONS</param-value> 
    </init-param> 
    <init-param> 
    <param-name>cors.supportedHeaders</param-name> 
    <param-value>*</param-value> 
    </init-param> 
</filter> 

<filter-mapping> 
    <filter-name>CORS</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping>

奇怪的是,web服务接受POST电话,但对于GET调用,它抛出403 - 禁止错误说服力“访问指定的资源已被禁止“。是

头的GET调用如下

Request URL:https://remote.vm.mycompany.com/remote/tunnel?read:c2faeb31-4147-49e8-b8d3-53d89496e5ca:0 
Request Method:GET 
Status Code:403 Forbidden 
Request Headersview source 
Accept:*/* 
Accept-Encoding:gzip,deflate,sdch 
Accept-Language:en-US,en;q=0.8 
Connection:keep-alive 
Host:remote.vm.mycompany.com 
Origin:https://ec2-184-72-200-91.compute-1.amazonaws.com 
Referer:https://ec2-184-72-200-91.compute-1.amazonaws.com/ 
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.71 Safari/537.36 
Query String Parametersview sourceview URL encoded 
read:c2faeb31-4147-49e8-b8d3-53d89496e5ca:0: 
Response Headersview source 
Access-Control-Allow-Credentials:true 
Access-Control-Allow-Origin:https://ec2-184-72-200-91.compute-1.amazonaws.com 
Content-Length:961 
Content-Type:text/html;charset=utf-8 
Date:Sun, 21 Jul 2013 17:17:37 GMT 
Server:Apache-Coyote/1.1

Tomcat的访问日志也显示GET请求已被禁止,但简化版,给出任何线索任何日志

- - - [21/Jul/2013:17:17:37 +0000] POST /remote/tunnel?connect HTTP/1.1 200 - 
- - - [21/Jul/2013:17:17:37 +0000] GET /remote/tunnel?read:c2faeb31-4147-49e8-b8d3-53d89496e5ca:0 HTTP/1.1 403 -

这里是我的servlet代码。我试图整合guacamole(HTML5 VNC客户端作为Web服务)

package com.mycompany.html5remote; 

import java.util.Arrays; 

import javax.servlet.http.HttpServletRequest; 
import javax.servlet.http.HttpSession; 

import org.slf4j.Logger; 
import org.slf4j.LoggerFactory; 

import net.sourceforge.guacamole.GuacamoleException; 
import net.sourceforge.guacamole.net.GuacamoleSocket; 
import net.sourceforge.guacamole.net.GuacamoleTunnel; 
import net.sourceforge.guacamole.net.InetGuacamoleSocket; 
import net.sourceforge.guacamole.protocol.ConfiguredGuacamoleSocket; 
import net.sourceforge.guacamole.protocol.GuacamoleClientInformation; 
import net.sourceforge.guacamole.protocol.GuacamoleConfiguration; 
import net.sourceforge.guacamole.servlet.GuacamoleHTTPTunnelServlet; 
import net.sourceforge.guacamole.servlet.GuacamoleSession; 

public class HttpTunnel extends GuacamoleHTTPTunnelServlet { 

    private Logger logger = LoggerFactory.getLogger(HttpTunnel.class); 

    @Override 
    protected GuacamoleTunnel doConnect(HttpServletRequest request) throws GuacamoleException { 

     HttpSession httpSession = request.getSession(true); 
     logger.info("Inside doConnect Method."); 


     GuacamoleClientInformation info = new GuacamoleClientInformation(); 

     String hostname = request.getParameter("hostname"); 
     String protocol = request.getParameter("protocol"); 

     // Create socket 
     GuacamoleConfiguration config = new GuacamoleConfiguration(); 
     config.setProtocol(protocol); 
     config.setParameter("hostname", hostname); 
     //config.setParameter("hostname", "ec2-184-73-104-108.compute-1.amazonaws.com"); 
     if("vnc".equals(protocol)){ 
      config.setParameter("port", "5901"); 
     }else if ("rdp".equals(protocol)){ 
      config.setParameter("port", "3389"); 
     }else{ 
      config.setParameter("port", "22"); 
     } 

     logger.info("Set the configuration. Creating the socket connection now.."); 

     // Return connected socket 
     GuacamoleSocket socket = new ConfiguredGuacamoleSocket(
       new InetGuacamoleSocket("localhost", 4822), 
       config, info 
     ); 

     logger.info("Successfully created socket connection."); 


     // Create tunnel from now-configured socket 
     GuacamoleTunnel tunnel = new GuacamoleTunnel(socket); 

     // Attach tunnel 
     GuacamoleSession session = new GuacamoleSession(httpSession); 
     session.attachTunnel(tunnel); 
     logger.info("Done"); 
     return tunnel; 

    } 

}

的文档GuacamoleHTTPTunnelServlet(GPL许可)是here

可能可能我错过了什么?还有其他地方可以寻找线索吗?请帮助

来源

2013-07-21 Ram

+0

您可以将您的控制器或servlet代码,另外,如果可能的话? – Karthikeyan

+0

@Karthikeyan我已经更新了servlet代码。它是一种朴素简单的servlet,其中GET/POST请求在 – Ram

回答

0

你有涉及到在web.xml配置的HTTP方法的任何安全约束?我不确定你为什么选择单独的api来过滤你的请求?

来源

2013-07-21 17:47:27 junkiecoder

+0

父类中定义我是新手..纠正我,如果我错了。我已经看到,如果请求来自浏览器以外的任何其他请求,如果我们没有在web服务中定义交叉源过滤器,它将不会为请求提供服务。我想要的只是能够从其他Web服务器发送GET和POST请求。帮助我,如果有更好的方法 – Ram

+0

我通常不会看到基于客户端的区别。它主要是基于它们交谈 – junkiecoder

+0

CORS滤波器抛出403错误代码时cors.allowOrigin不具有域发送GET请求的协议。 – junkiecoder

相关问题

 相关问题