Java spring security在使用AJAX登录时显示403错误_Java_Ajax_Spring_Spring Security_Http Status Code 403

Java spring security在使用AJAX登录时显示403错误

java ajax spring spring-security

Java spring security在使用AJAX登录时显示403错误,java,ajax,spring,spring-security,http-status-code-403,Java,Ajax,Spring,Spring Security,Http Status Code 403,我知道有很多问题已经存在，与这个错误有关，但我已经尝试了几乎所有的方法，没有解决我的问题 <security:form-login login-page="/home" default-target-url="/home" authentication-failure-handler-ref="myAuthenticationFailureHandler"

我知道有很多问题已经存在，与这个错误有关，但我已经尝试了几乎所有的方法，没有解决我的问题

<security:form-login    login-page="/home" 
                        default-target-url="/home"
                        authentication-failure-handler-ref="myAuthenticationFailureHandler" 
                        authentication-success-handler-ref="myAuthenticationSuccessHandler"
/>
<security:logout logout-success-url="/logout" 
                 invalidate-session="true" 
                 delete-cookies="SPRING_SECURITY_REMEMBER_ME_COOKIE" 
/>

当我在浏览器控制台中提交表单时，我看到

Failed to load resource: the server responded with a status of 403 (Forbidden)

<security:form-login    login-page="/home" 
                        default-target-url="/home"
                        authentication-failure-handler-ref="myAuthenticationFailureHandler" 
                        authentication-success-handler-ref="myAuthenticationSuccessHandler"
/>
<security:logout logout-success-url="/logout" 
                 invalidate-session="true" 
                 delete-cookies="SPRING_SECURITY_REMEMBER_ME_COOKIE" 
/>

我的项目在Spring4.0.3、SpringSecurity4.0.1、Java8中，运行在wildfly 8.x服务器上

<security:form-login    login-page="/home" 
                        default-target-url="/home"
                        authentication-failure-handler-ref="myAuthenticationFailureHandler" 
                        authentication-success-handler-ref="myAuthenticationSuccessHandler"
/>
<security:logout logout-success-url="/logout" 
                 invalidate-session="true" 
                 delete-cookies="SPRING_SECURITY_REMEMBER_ME_COOKIE" 
/>

我的ajax调用是

 $.ajax({
           url: "j_spring_security_check",    
           data: $('#loginForm').serialize(), 
           type: "POST",
           beforeSend: function (xhr) {
              xhr.setRequestHeader("X-Ajax-call", "true");
           },
           success: function(result) {       
                if (result == "not-ok") {
                  $('.error').show();
                  $('.login-error').html(CREDENTIAL_CHECK) ;
                  return false;
                } else {
                    $('.error').hide();
                    document.location = result;
                }
           },
            error: function(XMLHttpRequest, textStatus, errorThrown){
                $('.error').show();
                $('.login-error').html(NETWORK_CHECK) ;
                return false; 
            }
        });

<security:form-login    login-page="/home" 
                        default-target-url="/home"
                        authentication-failure-handler-ref="myAuthenticationFailureHandler" 
                        authentication-success-handler-ref="myAuthenticationSuccessHandler"
/>
<security:logout logout-success-url="/logout" 
                 invalidate-session="true" 
                 delete-cookies="SPRING_SECURITY_REMEMBER_ME_COOKIE" 
/>

我的安全配置：

<security:form-login    login-page="/home" 
                        default-target-url="/home"
                        authentication-failure-handler-ref="myAuthenticationFailureHandler" 
                        authentication-success-handler-ref="myAuthenticationSuccessHandler"
/>
<security:logout logout-success-url="/logout" 
                 invalidate-session="true" 
                 delete-cookies="SPRING_SECURITY_REMEMBER_ME_COOKIE" 
/>

<security:form-login    login-page="/home" 
                        default-target-url="/home"
                        authentication-failure-handler-ref="myAuthenticationFailureHandler" 
                        authentication-success-handler-ref="myAuthenticationSuccessHandler"
/>
<security:logout logout-success-url="/logout" 
                 invalidate-session="true" 
                 delete-cookies="SPRING_SECURITY_REMEMBER_ME_COOKIE" 
/>

<security:form-login    login-page="/home" 
                        default-target-url="/home"
                        authentication-failure-handler-ref="myAuthenticationFailureHandler" 
                        authentication-success-handler-ref="myAuthenticationSuccessHandler"
/>
<security:logout logout-success-url="/logout" 
                 invalidate-session="true" 
                 delete-cookies="SPRING_SECURITY_REMEMBER_ME_COOKIE" 
/>

我试着设置

<security:form-login    login-page="/home" 
                        default-target-url="/home"
                        authentication-failure-handler-ref="myAuthenticationFailureHandler" 
                        authentication-success-handler-ref="myAuthenticationSuccessHandler"
/>
<security:logout logout-success-url="/logout" 
                 invalidate-session="true" 
                 delete-cookies="SPRING_SECURITY_REMEMBER_ME_COOKIE" 
/>

<security:headers disabled="true" />

<security:csrf disabled="true" />

在服务器控制台中，我也没有看到任何错误

<security:form-login    login-page="/home" 
                        default-target-url="/home"
                        authentication-failure-handler-ref="myAuthenticationFailureHandler" 
                        authentication-success-handler-ref="myAuthenticationSuccessHandler"
/>
<security:logout logout-success-url="/logout" 
                 invalidate-session="true" 
                 delete-cookies="SPRING_SECURITY_REMEMBER_ME_COOKIE" 
/>

我还可以做什么来修复此错误？我已经在这个问题上浪费了2天的时间

这个问题创建CSFR保护，因为在Spring Security 4.x中默认启用，并且所有GET和POST请求都有令牌，当您不创建这个令牌服务器时，会显示403错误。您可以轻松禁用此安全性

<security:form-login    login-page="/home" 
                        default-target-url="/home"
                        authentication-failure-handler-ref="myAuthenticationFailureHandler" 
                        authentication-success-handler-ref="myAuthenticationSuccessHandler"
/>
<security:logout logout-success-url="/logout" 
                 invalidate-session="true" 
                 delete-cookies="SPRING_SECURITY_REMEMBER_ME_COOKIE" 
/>

这里有xml配置文件

java conf

Url是

login

not

j_-spring\u-security\u-check

。这是怎么说的？检查控制器中的ajax Url是否存在。并确保您的控制器中有RequestMethod.POST。spring security 4中的登录url已更改，以与java config中使用的url相匹配。因此，它也显示403错误。我想。问题在于其他方面。我使用的是wildfly8

<security:form-login    login-page="/home" 
                        default-target-url="/home"
                        authentication-failure-handler-ref="myAuthenticationFailureHandler" 
                        authentication-success-handler-ref="myAuthenticationSuccessHandler"
/>
<security:logout logout-success-url="/logout" 
                 invalidate-session="true" 
                 delete-cookies="SPRING_SECURITY_REMEMBER_ME_COOKIE" 
/>