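Migrating from 1.5.7 to Spring Boot 2 - Request method POST not supported - CSRF is already disabled

Date: 2018-08-10 07:29:28

Tags: spring-boot jsf spring-security undertow wildfly-12

We have migrated our software from Spring Boot 1.5.7 to Spring Boot 2. We use JSF by including joinfaces-parent in the pom.xml.

At startup everything works fine, but the login call does not work: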

Request method 'POST' not supported

Could this be a Spring Security problem? CSRF is disabled.

Here is our SecurityConfig file:

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    ...
    @Override
    protected void configure(HttpSecurity http) {
        try {

            http.csrf().disable().authorizeRequests()
                    .antMatchers("/javax.faces.resource/**", Page.LOGIN.getUrlForSecurityContext())
                    .permitAll()
                    .and()

                    ........

                    // *** login configuration
                    .formLogin()
                    .loginPage(Page.LOGIN.getUrlForSecurityContext()).permitAll()
                    .failureUrl(Page.LOGIN.getUrlForSecurityContext() + "?error=true")
                    .usernameParameter("username")
                    .passwordParameter("password")
                    .successHandler(authenticationSuccessHandler)
                    .and()

             ...........

            // @formatter:on
        } catch (Exception ex) {
            throw new RuntimeException(ex);
        }
    }

    .......

}

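The login request does not reach our backend. I found that this error is produced by the dispatcher.forward function (called from the xhtml). Here is the function: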

public void login() throws ServletException, IOException {
    final ExternalContext context = FacesContext.getCurrentInstance().getExternalContext();

    final RequestDispatcher dispatcher = ((ServletRequest) context.getRequest()).getRequestDispatcher("/login");

    dispatcher.forward((ServletRequest) context.getRequest(), (ServletResponse) context.getResponse());

    FacesContext.getCurrentInstance().responseComplete();
}

Here are more logs from when the error message occurs:

[io.undertow.servlet] (default task-3) Initializing Spring FrameworkServlet 'dispatcherServlet'
16:02:20,926 INFO  [org.springframework.web.servlet.DispatcherServlet] (default task-3) FrameworkServlet 'dispatcherServlet': initialization started
16:02:20,938 INFO  [org.springframework.web.servlet.DispatcherServlet] (default task-3) FrameworkServlet 'dispatcherServlet': initialization completed in 12 ms
16:02:20,949 WARN  [org.springframework.web.servlet.PageNotFound] (default task-3) Request method 'POST' not supported
16:02:20,973 ERROR [org.springframework.boot.web.servlet.support.ErrorPageFilter] (default task-3) Cannot forward to error page for request [/login] as the response has already been committed. As a result, the response may have the wrong status code. If your application is running on WebSphere Application Server you may be able to resolve this problem by setting com.ibm.ws.webcontainer.invokeFlushAfterService to false

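Thanks for any advice!

1 answer:

Answer 0: (score: 0)

The Spring Security configuration looks fine to me. There is a problem with your login controller. I guess your login method is called in response to a POST request from the client. It then tries to forward this POST to render the login page and finally throws an exception. Obviously, it should be a GET request rather than a POST.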