joneill
7 days ago
Solved

Stuck On Secure Spring Developer (Beginner) URL Parameters Challenge

The lab is around trying to mediate a vulnerability by changing a GET request to a POST request in order to keep sensitive login information out of the URL params. But basically I don't know how I need to go about changing the code (apart from changing "GET" to "POST" on the login form and in a backend method). I'm at a total loss on this one, so I'd really appreciate some guidance or an example. I wasn't sure if I should also be making changes to the mapping on the controller (although this isn't mentioned in the lab).

These are the changes I have made so far:

 <form th:action="@{/login}" method="POST">

 

    protected LoginProcessingFilter(AuthenticationManager authenticationManager) {
      super(new AntPathRequestMatcher("/login", "POST"));
      setAuthenticationManager(authenticationManager);
      setAuthenticationSuccessHandler(new SimpleUrlAuthenticationSuccessHandler("/home"));
    }

Thanks in advance for any assistance.

2 Replies

  • joneill - Those two changes of "GET" to "POST" are all that is required to complete the lab. Give it another go; I've literally just completed it, and it completed straight away for me after I pressed the 'Test my code' button.

    • joneill

      LewisMutton I tried multiple times, but on each attempt when I pressed the 'Test my code' button the result was not working, not secure, and it never directed me to the challenge complete splash page. Strangely, when I then went back to the Collection page with the list of challenge titles, this one is marked as completed. Really odd, but I'm thinking perhaps it was just some sort of UI issue.
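
An added example, not part of the thread and not the lab's own code or solution: the POST-only filter from the question with an `attemptAuthentication` that also refuses credentials sent in the URL. The field names `username` and `password`, the rejection of any query string, and the `javax.servlet` imports (Spring Security 5; version 6 uses `jakarta.servlet`) are assumptions.

```java
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

public class LoginProcessingFilter extends AbstractAuthenticationProcessingFilter {

    protected LoginProcessingFilter(AuthenticationManager authenticationManager) {
        // Only POST /login is treated as a login attempt; GET /login is not.
        super(new AntPathRequestMatcher("/login", "POST"));
        setAuthenticationManager(authenticationManager);
        setAuthenticationSuccessHandler(new SimpleUrlAuthenticationSuccessHandler("/home"));
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request,
                                                HttpServletResponse response)
            throws AuthenticationException, IOException {
        // getParameter() merges query-string and form-body values, so a POST to
        // /login?username=...&password=... would still put credentials in the URL
        // (and so in access logs, browser history and Referer headers).
        // Assumption: the login form never needs a query string, so reject any.
        if (request.getQueryString() != null) {
            throw new AuthenticationServiceException(
                    "Login parameters must be sent in the request body");
        }

        // Assumed form field names; match them to the inputs in the login template.
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        if (username == null || password == null) {
            throw new AuthenticationServiceException("Missing credentials");
        }

        // Unauthenticated token; the AuthenticationManager verifies the credentials.
        return getAuthenticationManager().authenticate(
                new UsernamePasswordAuthenticationToken(username.trim(), password));
    }
}
```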