gpt4 book ai didi

java - 使用 Vaadin 和 Spring Security 时出现 403 CSRF token 错误

转载 作者:行者123 更新时间:2023-12-03 02:04:35 29 4
gpt4 key购买 nike

我正在尝试在 vaadin 应用程序中实现 spring security,但是我遇到了一个问题,登录页面后,它显示了一个错误:

{"status":403,"error":"Forbidden","message":"Could not verify the provided CSRF token because your session was not found.","path":"/"}

我尝试了很多方法,但没有一个有效,这是我的标准安全配置类:

//SecurityConfig.java    
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user")
.password("password")
.roles("USER");
}
}

Controller 类:

//HomeController.java
@RestController
public class HomeController {

@GetMapping("/")
public String index() {
return "Welcome to the home page!";
}

@GetMapping("/error")
public String error(){
return "Error!";
}

}

和 Vaadin UI 类

//VaadinUI.java
@SpringUI
public class VaadinUI extends UI {
VerticalLayout layout = new VerticalLayout();

com.vaadin.ui.Label label = new com.vaadin.ui.Label("Witaj");

@Autowired
public VaadinUI() {}

@Override
protected void init(VaadinRequest request) {
setContent(layout);
layout.addComponent(label);
}

}

还有我的 pom.xml

//pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>

<groupId>example.com</groupId>
<artifactId>LDAPSpringInitializr</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>

<name>LDAPSpringInitializr</name>
<description>Demo project for Spring Boot</description>

<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.5.3.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>

<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
<vaadin.version>8.0.5</vaadin.version>
</properties>

<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-ldap</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>com.vaadin</groupId>
<artifactId>vaadin-spring-boot-starter</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>

<dependency>
<groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>

<dependencyManagement>
<dependencies>
<dependency>
<groupId>com.vaadin</groupId>
<artifactId>vaadin-bom</artifactId>
<version>${vaadin.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>

<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>


</project>

如何将 Vaadin 与 Spring Security 结合使用?我想稍后将 spring security 与 LDAP 连接起来。

最佳答案

我对 Vaadin 不太熟悉,但是这篇文章 https://vaadin.com/blog/-/blogs/filter-based-spring-security-in-vaadin-applications表明 Vaadin 已经提供了 CSRF 保护,因此您可以通过以下方式在 Spring 中禁用它

@Override
protected void configure(final HttpSecurity httpSecurity) throws Exception {
httpSecurity.csrf().disable();
}

在您的 SecurityConfig 中。

关于java - 使用 Vaadin 和 Spring Security 时出现 403 CSRF token 错误,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/44301518/

29 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com