Java 弹簧靴csrf滤波器
我试图为一些特定的api调用启用csrf过滤器,而其他调用则不需要csrf过滤器Java 弹簧靴csrf滤波器,java,spring,spring-mvc,spring-security,spring-boot,Java,Spring,Spring Mvc,Spring Security,Spring Boot,我试图为一些特定的api调用启用csrf过滤器,而其他调用则不需要csrf过滤器 @Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable().authorizeRequests().antMatchers("/public/**").permitAll(); http.exceptionHandling().authenticationEntryP
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().authorizeRequests().antMatchers("/public/**").permitAll();
http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);
http.csrf().disable().addFilterBefore(new StatelessCSRFFilter(), CsrfFilter.class).authorizeRequests().antMatchers("/rest/**").permitAll();
}
问题是当我调用localhost:8080/public/hello时
显示了一个错误
“消息”:“缺少或不匹配CSRF令牌”
我使用的是Spring boot和Spring Security
谢谢您的帮助。尝试将
http.csrf().disable()
更改为http.antMatcher(“/public/**”).csrf().disable()
和http.antMatcher(“/rest/**”).csrf().disable()。您可能需要将这两行分别放在它们自己的websecurityConfigureAdapter
中
这将告诉Spring Security创建多个HTTP安全过滤器链(类似于在XML模型中有多个
块)
或者你可以这样做。我想两者都会起作用
http.antMatcher("/public/**").csrf().disable();
http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);
http.antMatcher("/rest/**").addFilterBefore(new StatelessCSRFFilter(), CsrfFilter.class).csrf().disable();
http.antMatcher("/public/**").csrf().disable();
http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);
http.antMatcher("/rest/**").addFilterBefore(new StatelessCSRFFilter(), CsrfFilter.class).csrf().disable();