Java 弹簧&x2B;Spring安全请求仅接受内容类型为x-www-form-urlencoded的请求
这是我第一次决定用完整的Java代码配置编写基于Spring引导和Spring安全性的应用程序,我遇到了无法超越的奇怪问题。我正在尝试用Postman测试API,我的请求只有在使用内容类型为application/x-www-form-urlencoded时才被接受。下面我粘贴我的所有当前配置Java 弹簧&x2B;Spring安全请求仅接受内容类型为x-www-form-urlencoded的请求,java,spring,spring-boot,spring-security,Java,Spring,Spring Boot,Spring Security,这是我第一次决定用完整的Java代码配置编写基于Spring引导和Spring安全性的应用程序,我遇到了无法超越的奇怪问题。我正在尝试用Postman测试API,我的请求只有在使用内容类型为application/x-www-form-urlencoded时才被接受。下面我粘贴我的所有当前配置 @SpringBootApplication public class OpenIdApplication { public static void main(String[] args) {
@SpringBootApplication
public class OpenIdApplication {
public static void main(String[] args) {
SpringApplication.run(OpenIdApplication.class, args);
}
}
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
private UserService userService;
@Autowired
public SecurityConfig(UserService userService) {
this.userService = userService;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userService);
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder(11);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/register/**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.and()
.cors()
.and()
.csrf()
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
}
}
@RestController
public class UserController {
...
@PostMapping(value = "/register")
public ResponseEntity<Object> registerUser(
@RequestBody UserRegistrationDto newUser, BindingResult bindingResult) {
...
}
@Data
@Builder
@NoArgsConstructor
@AllArgsConstructor
public class UserRegistrationDto {
private String username;
private String firstName;
private String lastName;
private String email;
private String password;
private String passwordRepeat;
}
当然,每次我都要确保csrf与API返回的匹配
我使用的是Spring Boot 2.0.1.RELEASE和Spring Security 5.0.3.RELEASE。我非常确定Ant模式
“/register/**”
匹配所有以/register/
()开头的URL,而您发布到/register
(末尾没有斜杠)。你应该试试
.antMatchers("/register*").permitAll()
或
第一个匹配以/register
开头的任何URL,而第二个匹配您的@PostMapping
.antMatchers("/register*").permitAll()
.mvcMatchers(HttpMethod.POST, "/register").permitAll()