Java Spring webflux安全-使用属性禁用csrf
我有一个SpringWebFlux安全性,如下所示,并希望使用属性控制CSRF。我如何在这里添加单独检查CSRF的ifJava Spring webflux安全-使用属性禁用csrf,java,spring-security,spring-webflux,Java,Spring Security,Spring Webflux,我有一个SpringWebFlux安全性,如下所示,并希望使用属性控制CSRF。我如何在这里添加单独检查CSRF的if @Bean public SecurityWebFilterChain securitygWebFilterChain(ServerHttpSecurity http) { return http.authorizeExchange().matchers(PathRequest.toStaticResources().atCommonLocations()).permi
@Bean
public SecurityWebFilterChain securitygWebFilterChain(ServerHttpSecurity http) {
return http.authorizeExchange().matchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
//.pathMatchers("/register", "/login").permitAll()
.anyExchange().authenticated()
.and().formLogin()
.securityContextRepository(securityContextRepository())
.and()
.exceptionHandling()
.accessDeniedHandler(new HttpStatusServerAccessDeniedHandler(HttpStatus.BAD_REQUEST))
.and().csrf().disable()
.build();
}
您只需添加如下内容:
// All your stuff up here then
if(!csrfEnabled) {
http.csrf().disable();
}
return http.build();