Disclaimer: I know how to inject the token manually with Thymeleaf:
<input type="hidden" th:name="${_csrf.parameterName}" th:value="${_csrf.token}" />
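The goal of this post is to improve knowledge of the platform and to better understand what goes on inside Spring Boot.
I had not tried Spring Boot before, but I recently decided to give it a try and have to admit it is great. With Thymeleaf and Security on Spring MVC, I did not need to inject the CSRF token into forms (POST), because Thymeleaf took care of it automatically, but now in Spring Boot, for some reason, it doesn't.
From the Spring Boot Reference, I found a list of the common properties used in the application.properties file. The ones related to Thymeleaf and security are: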
Thymeleaf Properties
spring.thymeleaf.check-template-location=true
spring.thymeleaf.prefix=classpath:/templates/
spring.thymeleaf.excluded-view-names= # comma-separated list of view names that should be excluded from resolution
spring.thymeleaf.view-names= # comma-separated list of view names that can be resolved
spring.thymeleaf.suffix=.html
spring.thymeleaf.mode=HTML5
spring.thymeleaf.encoding=UTF-8
spring.thymeleaf.content-type=text/html # ;charset=<encoding> is added
spring.thymeleaf.cache=true # set to false for hot refresh
Security Properties
security.user.name=user # login username
security.user.password= # login password
security.user.role=USER # role assigned to the user
security.require-ssl=false # …