Question

我想在我的网站上为某个“/ interface”网址启用POST请求。我已通过Class<?>[] getRootConfigClasses()成功加载了该类，HttpSecurity http的指定CSP标头已存在。

每当我向/interface提出请求时，我都会HTTP 403。

@Configuration
@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter
{

    @Override
    protected void configure(HttpSecurity http) throws Exception
    {
        http
            .authorizeRequests().antMatchers(HttpMethod.POST, "/interface").permitAll().and()
            .headers()
            .contentTypeOptions().and()
            .cacheControl().and()
            .httpStrictTransportSecurity().and()
            .frameOptions().and()
            .contentSecurityPolicy("the csp header. it is present on every response.");
    }
}

Answer 1

尝试覆盖其他配置方法：configure(WebSecurity webSecurity)。

@Override
public void configure(WebSecurity webSecurity) throws Exception {
    webSecurity.ignoring().antMatchers(POST, "/interface");
}

Spring WebSecurityConfigurerAdapter允许POST吗？

1 个答案: