个人中心
gpt4 book ai didi

spring-boot - "status": 403, "error": "Forbidden", "message": "Forbidden", "path": "/post/create"

转载 作者:行者123 更新时间:2023-12-03 22:53:34 27 4
gpt4 key购买 nike

当我尝试在管理员授权后添加新帖子时看到此响应。
我有基于 Spring Boot 安全性的基本授权:

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    //...declared fields
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
                .inMemoryAuthentication()
                .passwordEncoder(passwordEncoder())
                .withUser("user")
                .password("userpass")
                .roles("USER")
                .and()
                .withUser("admin")
                .password("adminpass")
                .roles("ADMIN", "USER");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .antMatchers("/login").permitAll()
                .antMatchers("/logout").permitAll()
                .anyRequest().authenticated()
                .and()
                .httpBasic()
                .and().logout().permitAll()
                .and()
                .formLogin()
                .loginProcessingUrl("/login")
                .permitAll()
                .and().logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                .logoutSuccessUrl("/login");
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}

尝试在授权后添加新帖子时收到此消息: 
{
    "timestamp": "2018-07-04T12:19:25.638+0000",
    "status": 403,
    "error": "Forbidden",
    "message": "Forbidden",
    "path": "/post/create"
}

在我的 Controller 中: 
@RestController
public class PostController {
    @Autowired
    private PostDAO postDAO;

    @GetMapping("/posts")
    public Page<Post> getAllPosts(Pageable pageable) {
        return postDAO.findAll(pageable);
    }

    @PostMapping("/post/create")
    public Post createPost(@Valid @RequestBody Post post) {
        return postDAO.save(post);
    }
    //other end-points........
}

但是,从我的 Controller 读取操作运行良好,但我无法访问 CRUD 操作。

有我的依赖项: 
dependencies {
    compile ('org.springframework.boot:spring-boot-starter-web')
    compile('org.springframework.boot:spring-boot-starter-data-jpa')
    compile('org.hibernate:hibernate-core')
    compile('org.springframework.boot:spring-boot-starter-security')
    runtime('mysql:mysql-connector-java')
    testCompile('org.springframework.boot:spring-boot-starter-test')
    testCompile('org.springframework.security:spring-security-test')
    testCompile('junit:junit')
}

任何的想法?
提前致谢!

最佳答案

这是由于 CSRF启用。 CSRF Java 配置中默认启用保护。我们仍然可以禁用 CSRF使用下面给出的配置。

http .csrf().disable() .authorizeRequests() .anyRequest().permitAll();

从 Spring 开始 安全 4.x CSRF XML 配置中也默认启用保护;如果我们需要,我们当然仍然可以禁用它: 
<http>
    ...
    <csrf disabled="true"/>
</http>

Note : CSRF is an attack which forces an end user to execute unwanted actions in a web application in which is currently authenticated.

关于spring-boot - "status": 403, "error": "Forbidden", "message": "Forbidden", "path": "/post/create",我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/51174601/

27 4 0
文章推荐: prometheus - 当值不存在时,默认求和运算符为 0
文章推荐: discord.py - 只说命令机器人所有者
文章推荐: ios - 无法分配给属性 : 'width' is a get-only property
文章推荐: reactjs - React - 函数作为 React 子节点无效。如果您从渲染中返回 Component 而不是 ,则可能会发生这种情况
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com