roo*_*oot 3 java spring-mvc spring-security
我正在使用 SpringMVC 开发一个简单的 Java Web 应用程序。启用安全性后,尽管我已经通过了身份验证,但我无法向服务器发送 HTTP post 请求(从 index.jsp)。当安全性未实现时,POST 请求确实有效。所以我认为这是我的问题SecurityConfig.java你能帮我解决这个问题吗?非常感谢
错误代码 :
\n\nHTTP Status 403 \xe2\x80\x93 Forbidden\n\nType Status Report\n\nMessage Forbidden\n\nDescription The server understood the request but refuses to authorize it.\n这是我的安全配置。
\n\n安全配置.java
\n\n import org.springframework.beans.factory.annotation.Autowired;\n import org.springframework.context.annotation.Configuration;\n import org.springframework.http.HttpMethod;\n import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;\n import org.springframework.security.config.annotation.web.builders.HttpSecurity;\n import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;\n import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;\n\n @Configuration\n @EnableWebSecurity\n public class SecurityConfig extends WebSecurityConfigurerAdapter {\n\n @Autowired\n public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {\n auth.inMemoryAuthentication().withUser("user1").password("{noop}123456").roles("USER");\n\n }\n\n @Override\n protected void configure(HttpSecurity http) throws Exception {\n\n http\n .formLogin()\n .and()\n .authorizeRequests()\n .antMatchers("/index").hasRole("USER")\n .antMatchers(HttpMethod.POST, "/index").hasRole("USER");\n\n }\n }\n索引.jsp
\n\n<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form"%>\n<%@page pageEncoding="UTF-8" contentType="text/html; charset=UTF-8"%>\n<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"\n "http://www.w3.org/TR/html4/loose.dtd">\n<html>\n<head>\n<META http-equiv="Content-Type" content="text/html; charset=UTF-8">\n<title>Registration</title>\n</head>\n<body>\n\n <form action=\'@{/index}\' method="POST">\n <div class="form-group">\n\n <td><textarea class="form-control" name="textForm">${text1}</textarea> \n <input type="submit" value="Submit">\n <textarea name="textFin">${textFinal}</textarea></td>\n </form>\n </div>\n\n\n</body>\n</html>\n添加
http.csrf().disable();配置方法。
protected void configure(HttpSecurity http) throws Exception {
http
.formLogin()
.and()
.authorizeRequests()
.antMatchers("/index").hasRole("USER")
.antMatchers(HttpMethod.POST, "/index").hasRole("USER")
.and()
.csrf().disable();
}
你jsp对 感到困惑thymleaf。编辑jsp file为:
<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form"%>
<%@page pageEncoding="UTF-8" contentType="text/html; charset=UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Registration</title>
</head>
<body>
<form:form action="/index" method="POST">
<div class="form-group">
<td><textarea class="form-control" name="textForm">${text1}</textarea>
<input type="submit" value="Submit">
<textarea name="textFin">${textFinal}</textarea></td>
</form:form>
</div>
</body>
</html>
你提供的豆子UserDetailService对我不起作用。我不得不这样改变它:
@Bean
public UserDetailsService userDetailsService() {
// ensure the passwords are encoded properly
@SuppressWarnings("deprecation")
UserBuilder users = User.withDefaultPasswordEncoder();
InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
manager.createUser(users.username("me").password("me").roles("USER").build());
return manager;
}
| 归档时间: |
|
| 查看次数: |
3954 次 |
| 最近记录: |