已经回答了许多与此主题相关的问题。尽管如此,我无法弄清楚为什么我的使用Spring Security 4.1.1 Release Version的Spring Boot应用程序对每个POST请求都抛出403 Forbidden错误。感谢您为解决此问题所提供的帮助
下面是我实现的WebSecurityMvcAdapter接口的配置
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@RequiredArgsConstructor(onConstructor = @__(@Autowired))
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Value("${currentProfile.cors.source}")
private String corsOrigin;
@Bean
public JWTAuthenticationEntryPoint jwtAuthenticationEntryPoint() {
return new JWTAuthenticationEntryPoint();
}
@Bean
public CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Arrays.asList(corsOrigin));
configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
configuration.setAllowedHeaders(Arrays.asList("x_api_key"));
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and().cors().disable()
.and().authorizeRequests().anyRequest().authenticated()
.and().exceptionHandling().authenticationEntryPoint(jwtAuthenticationEntryPoint());
httpSecurity. addFilterBefore(new CsrfHeaderFilter(), CsrfFilter.class);
httpSecurity .addFilterAfter(new JWTAuthorizationFilter(),UsernamePasswordAuthenticationFilter.class).httpBasic();
}
@Override
public void configure(WebSecurity web) {
web.ignoring().antMatchers("/v2/api-docs",
"/configuration/ui",
"/swagger-resources/**",
"/configuration/security",
"/swagger-ui.html",
"/webjars/**");
}
}