无法使用spring security 3.2.7获取csrf令牌

时间:2015-05-15 09:52:11

标签: rest spring-security spring-boot

我使用Spring Security 3.2.7和spring boot 1.2.3。我正在构建Rest应用程序并使用java配置实现spring安全性,其中默认情况下CSRF处于打开状态,我知道我可以使用“http.csrf()。disable()”在我的重写配置方法中禁用它。但是假设我不想禁用它,但我需要CSRF令牌。当我点击网址

localhost:8080/myproject/url

使用POST请求

{
    "timestamp": 1431682924618,
    "status": 403,
    "error": "Forbidden",
    "message": "Expected CSRF token not found. Has your session expired?",
    "path": "/myproject/user"
}

那么如何在不禁用csrf的情况下以相同的结果点击同一个网址。

我的SecurityConfig文件是:

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter
{
    @Autowired
    private DataSource dataSource;

    @Autowired
    private CustomUserDetailsService customUserDetailsService;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        // In memory authentication
        /*auth
            .inMemoryAuthentication()
                .withUser("user").password("password").roles("USER");*/
        auth.userDetailsService(customUserDetailsService);
    }


    @Override
     protected void configure(HttpSecurity http) throws Exception {
//      http.csrf().disable()               //Disable csrf security
        http
        .authorizeRequests()
        .antMatchers("/myproject/user/signup").permitAll()
        .antMatchers("/myproject/**").hasRole("ADMIN")
        .and().httpBasic();

      }
}

0 个答案:

没有答案