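Access to the specified resource is forbidden in a simple Spring remoting client

Time: 2015-12-22 00:00:55

Tags: spring spring-security

I am trying to use a Spring remoting client with security features. The security side works fine, but when I add DelegatingFilterProxy, I see a 403 error with a Forbidden message.

Here is my configuration: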

<bean id="provisioningService"
      class="com.ravisha.spring.remote.httpinvoker.ProvisioningServiceImpl" />

<bean name="/provisioningService"
      class="org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter">
    <property name="service" ref="provisioningService" />
    <property name="serviceInterface" value="com.ravisha.spring.remote.httpinvoker.ProvisioningService"/>
</bean>

<security:http>
    <security:http-basic/>
    <security:intercept-url pattern="/provisioningService" access="hasRole('ROLE_USER') "/>
</security:http>

<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider>
        <security:user-service id="uds">
            <security:user name="test" password="test"
                           authorities="ROLE_USER" />
        </security:user-service>
    </security:authentication-provider>
</security:authentication-manager>

</beans>

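1 answer:

Answer 0: (score: 0)

By default, Spring Security enables CSRF protection in version 4. For HttpInvoker, you don't need it and can disable it. I would also suggest explicitly making security stateless.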

<security:http create-session="stateless">
  <security:csrf disabled="true"/>
  <security:http-basic/>
  <security:intercept-url pattern="/provisioningService" access="hasRole('ROLE_USER') "/>
</security:http>
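
An added example, not part of the answer above: the same fix confined to the remoting endpoint, so that CSRF protection stays on for any browser-facing URLs served by the same application. The second `<security:http>` chain (form login, `/**`) is an assumption for illustration and does not appear in the question.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans.xsd
         http://www.springframework.org/schema/security
         http://www.springframework.org/schema/security/spring-security.xsd">

  <!-- Chain 1: matches only the HttpInvoker endpoint from the question.
       The caller is a non-browser client that sends HTTP Basic credentials
       on every request, so no session is created and no CSRF token is
       expected. Chains with a pattern must be declared before the
       catch-all chain below. -->
  <security:http pattern="/provisioningService" create-session="stateless">
    <security:csrf disabled="true"/>
    <security:http-basic/>
    <security:intercept-url pattern="/provisioningService"
                            access="hasRole('ROLE_USER')"/>
  </security:http>

  <!-- Chain 2 (assumed, not on the page): everything else in the
       application. No <security:csrf> element, so the Spring Security 4
       default applies and state-changing requests without a valid CSRF
       token are rejected with 403. -->
  <security:http>
    <security:form-login/>
    <security:intercept-url pattern="/**" access="isAuthenticated()"/>
  </security:http>

  <!-- Same in-memory test user as in the question; both chains share it. -->
  <security:authentication-manager alias="authenticationManager">
    <security:authentication-provider>
      <security:user-service id="uds">
        <security:user name="test" password="test" authorities="ROLE_USER"/>
      </security:user-service>
    </security:authentication-provider>
  </security:authentication-manager>

</beans>
```

If the application exposes nothing but the HttpInvoker endpoint, the single chain from the answer is sufficient.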