
spring-mvc - POST 请求的 Spring 安全配置


我在 REST API 中配置了 Spring Security。我有三个 Controller 方法:一个使用 GET,另外两个使用 POST。
现在,我使用的是基本身份验证(HTTP Basic)。
问题是:安全配置对 GET 请求工作正常,但对 POST 请求不起作用。

I am always getting 403 Forbidden response for the requests when POST method is used.



Controller 类:
package com.base.controller;

import java.util.List;

import javax.validation.Valid;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.annotation.Secured;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestController;

import com.base.model.User;
import com.base.service.UserService;

/**
 * REST endpoints for user lookup, used to exercise the HTTP Basic security setup.
 *
 * <p>One handler is mapped to GET and two to POST. No method-level authorization
 * annotation is applied to any handler in this class, so access control rests
 * entirely on the HTTP security configuration. NOTE(review): the POST handlers
 * are the ones that get rejected when CSRF protection is active in the security
 * filter chain and the request carries no token.
 */
@RestController
public class CountryController {

    // Service which will do all data retrieval/manipulation work.
    @Autowired
    UserService userService;

    /**
     * Returns every user the service knows about.
     *
     * @return 200 with the user list, or 204 with no body when the list is empty
     */
    @RequestMapping(value = "/user/", method = RequestMethod.POST)
    public ResponseEntity<List<User>> listAllUsers() {
        final List<User> allUsers = userService.findAllUsers();
        if (!allUsers.isEmpty()) {
            return new ResponseEntity<List<User>>(allUsers, HttpStatus.OK);
        }
        // An empty result is reported as 204; HttpStatus.NOT_FOUND would be the alternative.
        return new ResponseEntity<List<User>>(HttpStatus.NO_CONTENT);
    }

    /**
     * Looks up one user by the id taken from the request path.
     *
     * @param id identifier bound from the {@code {id}} path segment
     * @return 200 with the user, or 404 with no body when the service returns null
     */
    @RequestMapping(value = "/user/{id}", method = RequestMethod.GET)
    public ResponseEntity<User> getUser(@PathVariable("id") long id) {
        System.out.println("Fetching User with id " + id);
        final User found = userService.findById(id);
        if (found != null) {
            return new ResponseEntity<User>(found, HttpStatus.OK);
        }
        System.out.println("User with id " + id + " not found");
        return new ResponseEntity<User>(HttpStatus.NOT_FOUND);
    }

    /**
     * Accepts a validated user from the request body, overwrites its name and
     * echoes it back with status 208 (ALREADY_REPORTED).
     *
     * @param user request payload, validated through {@code @Valid}
     * @return the same instance after its name has been replaced
     */
    @RequestMapping(value = "/user123", method = RequestMethod.POST)
    @ResponseStatus(HttpStatus.ALREADY_REPORTED)
    public User postUser(@RequestBody @Valid User user) {
        final String logLine = "Fetching User with id " + user.getId();
        System.out.println(logLine);
        user.setName("Tou added");
        return user;
    }
}

安全配置:
/**
 * Spring Security setup for the REST API: every request must be authenticated
 * through HTTP Basic, and the session policy is stateless.
 *
 * <p>CSRF protection is not mentioned in this configuration, so it stays at the
 * framework default, which is enabled for this Java configuration style in
 * Spring Security 4. Requests that use state-changing methods such as POST are
 * therefore answered with 403 unless they carry a valid CSRF token, while GET
 * requests pass.
 */
@Configuration
@EnableWebSecurity
@ComponentScan("com.base.security")
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // User lookup that backs HTTP Basic authentication.
    @Autowired
    MyUSerService userService;

    /**
     * Registers the injected user-details service with the authentication builder.
     *
     * <p>NOTE(review): no password encoder is set on this call; with Spring
     * Security 4 that appears to mean stored passwords are compared as plain
     * text. Confirm, and configure a hashing encoder via {@code passwordEncoder(...)}
     * for anything beyond a sample.
     *
     * @param auth builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Autowired
    public void configureGlobalAuth(final AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userService);
    }

    /**
     * Requires authentication on every request, enables HTTP Basic and turns
     * off session creation.
     *
     * @param http security builder for the filter chain
     * @throws Exception if any configurer fails
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Authorization rule: no anonymous access to any URL.
        http.authorizeRequests().anyRequest().authenticated();
        // Credentials arrive in the Authorization header on each request.
        http.httpBasic();
        // Never create or use an HttpSession for the security context.
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }
}

MyUserService(提供用户名和密码)
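 @Service
public class MyUSerService implements UserDetailsService {

    /**
     * Resolves the single built-in sample account.
     *
     * <p>The presented username must match the sample account. If every name
     * resolved to this account, the password would be the only thing checked
     * and the authenticated principal would not correspond to the name the
     * client sent.
     *
     * @param arg0 username presented by the client
     * @return details of the sample account, carrying the {@code WRITE} authority
     * @throws UsernameNotFoundException if {@code arg0} is null or is not the sample account's name
     */
    @Override
    public UserDetails loadUserByUsername(String arg0) throws UsernameNotFoundException {
        if (!"ayush".equals(arg0)) {
            // Fixed message: the untrusted username is deliberately not echoed back.
            throw new UsernameNotFoundException("User not found");
        }
        List<SimpleGrantedAuthority> authorities = new ArrayList<SimpleGrantedAuthority>();
        authorities.add(new SimpleGrantedAuthority("WRITE"));
        // NOTE(review): hard-coded plain-text sample credentials; outside a demo,
        // load the user from a store that keeps hashed passwords.
        return new User("ayush", "ayush123", authorities);
    }
}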

web.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Deployment descriptor: routes every request through the Spring Security
     filter chain and then into a single DispatcherServlet. -->
<web-app>
<display-name>Archetype Created Web Application</display-name>



<!-- DelegatingFilterProxy hands each request to the Spring bean whose name
     matches the filter-name, here springSecurityFilterChain.
     NOTE(review): no ContextLoaderListener is declared in this listing; confirm
     which application context exposes that bean. -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<!-- Mapped to /* so that no URL bypasses the security filter. -->
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<!-- DispatcherServlet backed by an annotation-driven context; the
     contextConfigLocation value names the package com.base.config as the
     source of configuration classes. -->
<servlet>
<servlet-name>springrest</servlet-name>
<servlet-class>
org.springframework.web.servlet.DispatcherServlet
</servlet-class>
<load-on-startup>1</load-on-startup>
<init-param>
<param-name>contextClass</param-name>
<param-value>org.springframework.web.context.support.AnnotationConfigWebApplicationContext
</param-value>
</init-param>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>com.base.config</param-value>
</init-param>
</servlet>
<!-- The servlet receives every path under the application root. -->
<servlet-mapping>
<servlet-name>springrest</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
</web-app>

我正在使用“Google Advanced Rest Client”。

最佳答案

您需要禁用 CSRF。在 Spring Security 4 中,CSRF 保护默认是启用的(CSRF is enabled by default):不带有效 CSRF token 的 POST 请求会被拒绝并返回 403,而 GET 请求不受影响。

// Turns off CSRF token checking for this HttpSecurity configuration. Appropriate
// only when no browser client relies on ambient credentials (session cookies or
// Basic credentials cached by the browser); otherwise keep it on and send the token.
http.csrf().disable()
或者在发送请求时携带 CSRF token。

关于spring-mvc - POST 请求的 Spring 安全配置,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/41373588/
