Springboot在网络上工作,但在邮递员中不起作用吗?
我正在尝试构建具有春季安全性的真正基本的用户/角色CRUD。
我创建了两种帐户类型:管理员和用户。
进入此URL后:http:// localhost:8080/api/v1/员工首先登录,然后得到结果
当我尝试通过Postman连接时,问题开始。我无法超越登录。
无论如何我都无法超越登录。我尝试了其他控制器,但同样的事情也发生了。
我做错了吗?我错过了一步吗?
I'm trying to build to build a really basic user/role CRUD with spring security.
I created 2 types of accounts: admin and user.
After I go to this URL: http://localhost:8080/api/v1/employees first I get login and after that I get the result
The problem start when I try to connect via postman. I can't get past the login.
I can't get past the login no matter what. I tried other controller but the same thing happens.
Am I doing something wrong? Am I missing a step?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
昨天我遇到了这个问题,很可能是同一回事。
我禁用了
websecurityConfigurerAdapter的类中的CSRF,以使其工作。如果您要进入生产,则可能应该使其启用。我的
websecurityconfig类:我不完全了解CSRF保护是如何保护的,因此如果您尝试从浏览器登录,可能会有问题。输出
.csrf()。disable()I had this problem yesterday, it's most likely the same thing.
I disabled csrf in the class that extends
WebSecurityConfigurerAdapterto get it to work. If you're moving into production, you should probably leave it enabled.My
WebSecurityConfigclass:I don't fully understand how the csrf protection so there might be issues if you try to log in from a browser. Uncomment out the
.csrf().disable()when you want to run in from a browser要在Postman中打电话,您需要在调用端点时通过适当的授权(令牌标头/cookie)。在您当前的情况下,Postman要么向您显示一个登录页面,即您看到的HTML,或者是错误页面,因为未经授权
To make a call in Postman, you need to pass a proper authorization (token header/cookie) when calling an endpoint. In your current case, Postman either shows you a login page which is that HTML you see, or an error page because unauthorized