Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/spring/11.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Java 弹簧&x2B;Spring安全请求仅接受内容类型为x-www-form-urlencoded的请求_Java_Spring_Spring Boot_Spring Security - Fatal编程技术网
Fatal编程技术网
  • java/
  • Java 弹簧&x2B;Spring安全请求仅接受内容类型为x-www-form-urlencoded的请求

Java 弹簧&x2B;Spring安全请求仅接受内容类型为x-www-form-urlencoded的请求

java spring spring-boot spring-security

Java 弹簧&x2B;Spring安全请求仅接受内容类型为x-www-form-urlencoded的请求,java,spring,spring-boot,spring-security,Java,Spring,Spring Boot,Spring Security,这是我第一次决定用完整的Java代码配置编写基于Spring引导和Spring安全性的应用程序,我遇到了无法超越的奇怪问题。我正在尝试用Postman测试API,我的请求只有在使用内容类型为application/x-www-form-urlencoded时才被接受。下面我粘贴我的所有当前配置 @SpringBootApplication public class OpenIdApplication { public static void main(String[] args) {

这是我第一次决定用完整的Java代码配置编写基于Spring引导和Spring安全性的应用程序,我遇到了无法超越的奇怪问题。我正在尝试用Postman测试API,我的请求只有在使用内容类型为application/x-www-form-urlencoded时才被接受。下面我粘贴我的所有当前配置

@SpringBootApplication
public class OpenIdApplication {
    public static void main(String[] args) {
        SpringApplication.run(OpenIdApplication.class, args);
    }
}

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    private UserService userService;

    @Autowired
    public SecurityConfig(UserService userService) {
        this.userService = userService;
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userService);
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder(11);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/register/**").permitAll()
                .anyRequest().authenticated()
            .and()
                .formLogin()
            .and()
                .cors()
            .and()
                .csrf()
                    .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
    }

}

@RestController
public class UserController {
    ...    

    @PostMapping(value = "/register")
    public ResponseEntity<Object> registerUser(
            @RequestBody UserRegistrationDto newUser, BindingResult bindingResult) {
       ...
    }

@Data
@Builder
@NoArgsConstructor
@AllArgsConstructor
public class UserRegistrationDto {
    private String username;
    private String firstName;
    private String lastName;
    private String email;
    private String password;
    private String passwordRepeat;
}
当然,每次我都要确保csrf与API返回的匹配

我使用的是Spring Boot 2.0.1.RELEASE和Spring Security 5.0.3.RELEASE。

我非常确定Ant模式
“/register/**”
匹配所有以
/register/
()开头的URL,而您发布到
/register
(末尾没有斜杠)。你应该试试

.antMatchers("/register*").permitAll()

第一个匹配以
/register
开头的任何URL,而第二个匹配您的
@PostMapping

.antMatchers("/register*").permitAll()

.mvcMatchers(HttpMethod.POST, "/register").permitAll()