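I developed an application with Spring Boot, and it works fine. It has a RESTful controller. I am trying to add Spring Security to some of the pages. The REST controller's endpoint is
/api/greetings
I configured the security settings in the class below.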
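import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/", "/home", "/api/greetings").permitAll()
                //.antMatchers("/api/greetings","").permitAll()//can't do this
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login")
                .permitAll()
                .and()
            .logout()
                .permitAll();
    }
}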
Now, when I try to access the REST endpoint from a REST client (Postman), only the GET method is accessible; if I try POST, PUT or DELETE, I get a 403 Forbidden response.
{
  "timestamp": 1467223888525,
  "status": 403,
  "error": "Forbidden",
  "message": "Invalid CSRF Token 'null' was found on the request parameter '_csrf' or header 'X-CSRF-TOKEN'.",
  "path": "/api/greetings/2"
}
How can I solve this problem? I am new to Spring Security.
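
Added example, not part of the original post: the 403 comes from Spring Security's CSRF filter, which rejects POST, PUT and DELETE requests that carry no token before the `permitAll()` authorization rules are ever consulted. One way to configure this, assuming the greetings endpoints are called by non-browser clients and are not authenticated by a session cookie (the `API_PATTERN` constant and the widened `/**` pattern are choices made for this example), is to exempt only that path from the token check and keep CSRF protection for the form-login pages:

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    // Assumption for this example: every greetings endpoint lives under this
    // prefix and is called without a browser session cookie.
    // The pattern also covers sub-paths such as /api/greetings/2.
    private static final String API_PATTERN = "/api/greetings/**";

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf()
                // Skip the CSRF token check for the API path only.
                // All other paths, including /login and /logout, still
                // require a valid token on state-changing requests.
                .ignoringAntMatchers(API_PATTERN)
                .and()
            .authorizeRequests()
                // permitAll() controls authorization only; it never
                // disables the CSRF filter, which is why GET worked and
                // POST, PUT and DELETE returned 403 in the original setup.
                .antMatchers("/", "/home", API_PATTERN).permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login")
                .permitAll()
                .and()
            .logout()
                .permitAll();
    }
}
```

If these endpoints are later authenticated through the browser session, remove the exemption and have clients send the token in the `X-CSRF-TOKEN` header or `_csrf` parameter named in the error message.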