java - HDIV: Spring MVC application getting "Unauthorized access" error
I just implemented the configuration samples from the HDIV Spring MVC showcase project in my web application and configured the start links, etc. I can see the HDIV state parameter in the URL.
I have configured index.jsp to redirect to the welcome.html page in the same way as mentioned in the showcase project, and it works.
The problem is that if I refresh the welcome.html page I get the error "Unauthorized access", or if I access the links from the welcome.html page a 2nd time it throws the same error. In the logs I can see -
015-05-31 12:53:02,131 org.hdiv.logs.logger - invalid_cookie;/welcome.htm;cookie:amcv_5c21123f5245af0c0a490d45%40adobeorg;-2017484664%7cmcmid%7c04001757167802827442558962327640098514%7cmcaamlh-1433633264%7c9%7cmcaamb-1433633264%7cnrx38wo0n5bh8th-nqag_a%7cmcaid%7cnone;;0:0:0:0:0:0:0:1;0:0:0:0:0:0:0:1;anonymous;
I have opened the page again in the browser's incognito mode, but it again throws the error on the 2nd attempt or on a browser refresh.
My sample configuration -
<?xml version="1.0" encoding="utf-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:hdiv="http://www.hdiv.org/schema/hdiv"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.hdiv.org/schema/hdiv http://www.hdiv.org/schema/hdiv/hdiv.xsd">

    <hdiv:config excludedExtensions="css,png,gif,jpeg,jpg,js,ico">
        <hdiv:sessionExpired loginPage="/login.htm" homePage="/"/>
        <!-- <hdiv:startPages>/attacks/.*</hdiv:startPages> -->
        <hdiv:startPages method="get">/,/login.htm,/logout.htm</hdiv:startPages>
        <hdiv:startPages method="post">/j_spring_security_check</hdiv:startPages>
        <hdiv:startParameters>_csrf</hdiv:startParameters>
    </hdiv:config>

    <!-- Accepted pattern within the application for editable parameters (generated from textbox and textarea) -->
    <hdiv:validation id="safetext">
        <hdiv:acceptedPattern><![CDATA[^[a-zA-Z0-9@.\-_]*$]]></hdiv:acceptedPattern>
    </hdiv:validation>

    <!-- Finally, it's necessary to define the editable data validation list for the application -->
    <hdiv:editableValidations>
        <!-- <hdiv:validationRule url="/secure/.*"></hdiv:validationRule> -->
        <!-- Finally, it's necessary to define the editable data validation list for the application -->
        <hdiv:validationRule url="/oe/.*"></hdiv:validationRule>
        <hdiv:validationRule url="/safetext/.*" enableDefaults="false">safetext</hdiv:validationRule>
    </hdiv:editableValidations>
</beans>
It seems you are generating a cookie on the client side. As a result, HDIV does not notice it. I think you are using Adobe® Marketing Cloud, and it is generating the cookie.
Try disabling integrity in cookies:
<hdiv:config avoidCookiesIntegrity="true">
I hope it helps.
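An added example, not from the original answer or the HDIV project: before turning cookie integrity off, the invalid_cookie entries can be grouped by cookie name to confirm that they all come from client-side cookies such as the one in the quoted log line. The field order in LINE_RE, the sample log lines and the server_cookies allowlist are assumptions constructed for this example.

```python
import re
from collections import Counter

# Constructed sample, modelled on the entry quoted in the question (cookie name
# and value shortened; the "role" line is invented to show the other outcome).
SAMPLE_LOG = """\
2015-05-31 12:53:02,131 org.hdiv.logs.logger - invalid_cookie;/welcome.htm;cookie:amcv_example%40adobeorg;-2017484664%7cmcmid;;0:0:0:0:0:0:0:1;0:0:0:0:0:0:0:1;anonymous;
2015-05-31 12:53:05,410 org.hdiv.logs.logger - invalid_cookie;/welcome.htm;cookie:amcv_example%40adobeorg;-2017484664%7cmcmid;;0:0:0:0:0:0:0:1;0:0:0:0:0:0:0:1;anonymous;
2015-05-31 12:54:11,002 org.hdiv.logs.logger - invalid_cookie;/account.htm;cookie:role;admin;;10.0.0.5;10.0.0.5;anonymous;
"""

# Assumed field order, read off the quoted line:
#   type;target;cookie:<name>;value;...
LINE_RE = re.compile(
    r" - invalid_cookie;(?P<target>[^;]*);cookie:(?P<name>[^;]*);(?P<value>[^;]*);",
    re.IGNORECASE,
)


def parse_cookie_events(log_text):
    """Return one dict (target, name, value) per invalid_cookie log entry."""
    matches = (LINE_RE.search(line) for line in log_text.splitlines())
    return [m.groupdict() for m in matches if m]


def triage(events, server_cookies):
    """Count rejected cookies, split by who sets them.

    server_cookies: lower-case names of cookies the application itself sets
    (hypothetical allowlist supplied by the operator).
    """
    client_side, server_issued = Counter(), Counter()
    for event in events:
        known = event["name"].lower() in server_cookies
        (server_issued if known else client_side)[event["name"]] += 1
    return client_side, server_issued


if __name__ == "__main__":
    client_side, server_issued = triage(parse_cookie_events(SAMPLE_LOG), {"role"})
    print("set outside the application:", dict(client_side))
    print("set by the application:     ", dict(server_issued))
```

If only names from outside the application appear, the rejections match the client-side cookie explanation in the answer. A name from the application's own list means a server-set cookie came back altered and should be looked at before the integrity check is switched off.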