Java SpringMVC(安全)-403错误
我正在用SpringMVC开发一个简单的JavaWeb应用程序。启用了安全性后,我无法向服务器发送HTTP post请求(从index.jsp),尽管我已经通过了身份验证。当未实现安全性时,POST请求不起作用。所以我认为我的Java SpringMVC(安全)-403错误,java,spring-mvc,spring-security,Java,Spring Mvc,Spring Security,我正在用SpringMVC开发一个简单的JavaWeb应用程序。启用了安全性后,我无法向服务器发送HTTP post请求(从index.jsp),尽管我已经通过了身份验证。当未实现安全性时,POST请求不起作用。所以我认为我的SecurityConfig.java代码有问题。你能帮我解决这个问题吗?非常感谢 错误代码: HTTP Status 403 – Forbidden Type Status Report Message Forbidden Description The serve
SecurityConfig.java
代码有问题。你能帮我解决这个问题吗?非常感谢
错误代码:
HTTP Status 403 – Forbidden
Type Status Report
Message Forbidden
Description The server understood the request but refuses to authorize it.
这是我的安全配置
SecurityConfig.java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("user1").password("{noop}123456").roles("USER");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.formLogin()
.and()
.authorizeRequests()
.antMatchers("/index").hasRole("USER")
.antMatchers(HttpMethod.POST, "/index").hasRole("USER");
}
}
index.jsp
<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form"%>
<%@page pageEncoding="UTF-8" contentType="text/html; charset=UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Registration</title>
</head>
<body>
<form action='@{/index}' method="POST">
<div class="form-group">
<td><textarea class="form-control" name="textForm">${text1}</textarea>
<input type="submit" value="Submit">
<textarea name="textFin">${textFinal}</textarea></td>
</form>
</div>
</body>
</html>
登记处
${text1}
${textFinal}
添加
http.csrf().disable()代码>以配置方法
protected void configure(HttpSecurity http) throws Exception {
http
.formLogin()
.and()
.authorizeRequests()
.antMatchers("/index").hasRole("USER")
.antMatchers(HttpMethod.POST, "/index").hasRole("USER")
.and()
.csrf().disable();
}
您将jsp
与trymleaf
混淆。将jsp文件编辑为:
<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form"%>
<%@page pageEncoding="UTF-8" contentType="text/html; charset=UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Registration</title>
</head>
<body>
<form:form action="/index" method="POST">
<div class="form-group">
<td><textarea class="form-control" name="textForm">${text1}</textarea>
<input type="submit" value="Submit">
<textarea name="textFin">${textFinal}</textarea></td>
</form:form>
</div>
</body>
</html>
您好,谢谢您的回复。抱歉耽搁了。我通过添加http..csrf().disable()使代码正常工作代码>你能把它添加到你的回复中吗。所以我可以将其标记为正确答案?非常感谢您的回复,并澄清了我对jsp页面的困惑,还告诉了我另一种验证用户身份的方法。
@Bean
public UserDetailsService userDetailsService() {
// ensure the passwords are encoded properly
@SuppressWarnings("deprecation")
UserBuilder users = User.withDefaultPasswordEncoder();
InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
manager.createUser(users.username("me").password("me").roles("USER").build());
return manager;
}