I get this error when saving the Spring session in a relational database

Time: 2016-01-28 14:37:43

Tags: java database spring spring-security

Somebody please help. I am trying to save the Spring session ID in a relational database, following this link.

I got this error:

  

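Whitelabel Error Page

This application has no explicit mapping for /error, so you are seeing this as a fallback. Thu Jan 28 19:51:15 IST 2016 There was an unexpected error (type=Forbidden, status=403). Expected CSRF token not found. Has your session expired?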

My SecurityConfig class:

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
//@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
@EnableWebSecurity
public class SecurityConfig {


    @Bean
    public HttpSessionStrategy httpSessionStrategy() {
        return new CookieHttpSessionStrategy();
    }

    @Bean
    public SessionRepositoryFilter<ExpiringSession> sessionRepositoryFilter(
            SessionRepository<ExpiringSession> sessionRepository,
            HttpSessionStrategy httpSessionStrategy
    ) {
        SessionRepositoryFilter<ExpiringSession> sessionRepositoryFilter = new SessionRepositoryFilter<>(sessionRepository);
        sessionRepositoryFilter.setHttpSessionStrategy(httpSessionStrategy);
        return sessionRepositoryFilter;
    }

    @Bean
    public SessionRepository<ExpiringSession> sessionRepository() {
        return new JPASessionRepository(10);
    }



    @Configuration
    @Order(1)
    public static class SpringWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
        @Bean
        public AuthenticationManager authenticationManager() throws Exception {
            return super.authenticationManager();
        }

        @Autowired
        private UserDetailsService userDetailsService;

        @Autowired
        private SessionRepositoryFilter<ExpiringSession> sessionSessionRepositoryFilter;

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                    .antMatchers("/public/**").permitAll()
                    .antMatchers(("/")).hasAnyAuthority("ADMIN")
                    .antMatchers("/home").hasAnyAuthority("ADMIN")
                    .antMatchers("/users/**").hasAuthority("ADMIN")
                    .anyRequest().fullyAuthenticated()
                    .and()
                    .formLogin()
                    .loginPage("/login")
                    .defaultSuccessUrl("/adduser")
                    .failureUrl("/login?error")
                    .usernameParameter("email")
                    .passwordParameter("password")
                    .permitAll()
                    .and()
                    .addFilterBefore(sessionSessionRepositoryFilter, ChannelProcessingFilter.class)
                    .logout()
                    .logoutUrl("/logout")
                    .deleteCookies("remember-me")
                    .logoutSuccessUrl("/home")
                    .permitAll()
                    .and()
                    .rememberMe();
        }

        @Override
        public void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth
                    .userDetailsService(userDetailsService)
                    .passwordEncoder(new BCryptPasswordEncoder());
        }
    }
}

0 answers:

No answers