gpt4 book ai didi

Spring Security 配置 : HTTP 403 error

转载 作者:IT老高 更新时间:2023-10-28 13:05:10 26 4
gpt4 key购买 nike

我正在尝试按照网络上的指南使用 Spring Security 来保护我的网站。

所以在我的服务器端我有以下类。

我的WebSecurityConfigurerAdapter:

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter implements ApplicationContextAware {

@Override
protected void registerAuthentication(AuthenticationManagerBuilde rauthManagerBuilder) throws Exception {
authManagerBuilder.inMemoryAuthentication().withUser("user").password("password").roles("ADMIN");
}
}

我的 Controller :

@Controller
//@RequestMapping("/course")
public class CourseController implements ApplicationContextAware {

@RequestMapping(value="/course", method = RequestMethod.GET, produces="application/json")
public @ResponseBody List<Course> get( // The criterion used to find.
@RequestParam(value = "what", required = true) String what,
@RequestParam(value = "value", required = true) String value) {
//.....
}

@RequestMapping(value = "/course", method = RequestMethod.POST, produces = "application/json")
public List<Course> upload(@RequestBody Course[] cs) {

}
}

让我非常困惑的是服务器没有响应 POST/DELETE 方法,而 GET 方法工作正常。顺便说一句,我在客户端使用 RestTemplate

异常(exception)情况是:

Exception in thread "main" org.springframework.web.client.HttpClientErrorException: 403 Forbidden
at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:91)
at org.springframework.web.client.RestTemplate.handleResponseError(RestTemplate.java:574)
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:530)
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:487)
at org.springframework.web.client.RestTemplate.delete(RestTemplate.java:385)
at hello.Application.createRestTemplate(Application.java:149)
at hello.Application.main(Application.java:99)

我已经在互联网上搜索了几天。还是没有头绪。请帮忙。非常感谢

最佳答案

此问题可能是由于 CSRF protection .如果用户不会在 Web 浏览器中使用您的应用程序,then it is safe to disable CSRF保护。否则你应该确保到 include the CSRF token in the request .

disable CSRF protection您可以使用以下内容:

@Configuration
@EnableWebSecurity
public class WebSecurityConfig
extends WebSecurityConfigurerAdapter implements ApplicationContextAware {

@Override
protected void configure(HttpSecurity http) throws Exception {
http
// ...
.csrf().disable();
}

@Override
protected void registerAuthentication(AuthenticationManagerBuilder authManagerBuilder) throws Exception {
authManagerBuilder
.inMemoryAuthentication()
.withUser("user").password("password").roles("ADMIN");
}
}

关于Spring Security 配置 : HTTP 403 error,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/19468209/

26 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com