Java Spring安全、REST和403状态
这是我的Spring启动应用程序的Spring安全配置Java Spring安全、REST和403状态,java,rest,spring-boot,spring-security,Java,Rest,Spring Boot,Spring Security,这是我的Spring启动应用程序的Spring安全配置 @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private UserService userService; @Autowired
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserService userService;
@Autowired
private PasswordEncoder passwordEncoder;
@Bean
public PasswordEncoder getPasswordEncoder() {
return new BCryptPasswordEncoder(8);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/", "/registration", "/restaurants").permitAll()
.anyRequest().permitAll()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.rememberMe()
.and()
.logout()
.permitAll();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userService)
.passwordEncoder(passwordEncoder);
}
}
那是我的控制器:
@RestController
@RequestMapping(value = RestaurantController.REST_URL, produces = MediaType.APPLICATION_JSON_VALUE)
public class RestaurantController {
static final String REST_URL = "/restaurants";
private final Logger log = LoggerFactory.getLogger(getClass());
@Autowired
RestaurantService restaurantService;
@PostMapping(consumes = MediaType.APPLICATION_JSON_VALUE)
public RestaurantTo create(@Valid @RequestBody Restaurant restaurant) {
log.info("create new restaurant");
return restaurantService.create(restaurant);
}
}
我尝试使用POSTMAN测试RESTful,POSTMAN是对“/restaurant”的POST请求。
但我得到了“403禁止”。我不明白-原因是什么?请向您的post方法提供URL值,如
@PostMapping(value=REST\u URL,consumes=MediaType.APPLICATION\u JSON\u value)
它没有帮助…您是想访问/restaurant
还是/restaurants
。根据您的问题,您似乎正在访问与任何允许的匹配程序都不匹配的/restaurant
。@MaksimRybalkin您是否在请求中发送了CSRF令牌?如dur所述,请尝试在请求中包含CSRF令牌,或通过添加CSRF().disable()进行配置(HttpSecurity http)来禁用测试的CSRF