Spring Security conflicts with the POST method
I am trying to implement Spring basic auth into the app. I added the following lines to application.properties:
#Security
security:
  user:
    name: admin
    password: admin
So the Spring will create a web security config bean by itself. But I ran some tests and everything works as expected for any method besides POST as it throws 403 status. I browsed the web and discovered that it happens due to csrf protection and I disabled it, creating additional web security config class:
@EnableWebSecurity
public class WebSecurityConfig {
    @Bean
    protected SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.cors().and().csrf().disable();
        return http.build();
    }
}
However, it completely disables the authentication. The user does not need a password and a login to use the resources.
My question is, how do I configure the authentication in a way that the POST method will not throw 403? Do I need to write a full web security config and delete those 4 lines from application.properties, or is there an alternative way? Thanks in advance.
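An added example, not part of the original post: declaring your own SecurityFilterChain bean replaces the chain Spring Boot would otherwise auto-configure, so a chain that only touches CORS and CSRF carries no authorization rule and no authentication mechanism at all. The sketch below restates both while keeping CSRF off; it assumes Spring Security 5.5 or later, a Spring MVC application (as the `cors()` call in the question implies), and API clients that send the Authorization header themselves.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // The custom chain starts empty: without this rule every request
            // is allowed through, which is the behaviour seen in the question.
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            // Accept credentials from the "Authorization: Basic ..." header.
            .httpBasic(Customizer.withDefaults())
            // No server-side session: credentials must accompany every request,
            // so there is no session cookie for a forged request to ride on.
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            // Same CORS behaviour as the original http.cors() call.
            .cors(Customizer.withDefaults())
            // CSRF protection off so POST/PUT/DELETE no longer return 403.
            // Assumption: callers are non-browser API clients. A browser that
            // has cached Basic credentials resends them automatically, so for
            // browser-facing endpoints keep CSRF protection enabled instead.
            .csrf(csrf -> csrf.disable());
        return http.build();
    }
}
```

The user defined in the properties file stays in effect because this class declares no UserDetailsService, AuthenticationProvider or AuthenticationManager bean of its own.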