Warning: file_get_contents(/data/phpspider/zhask/data//catemap/9/java/366.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181

Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/spring/12.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Java Spring security x-frame-option_Java_Spring_Spring Boot_Spring Security - Fatal编程技术网
Fatal编程技术网
  • java/
  • Java Spring security x-frame-option

Java Spring security x-frame-option

java spring spring-boot spring-security

Java Spring security x-frame-option,java,spring,spring-boot,spring-security,Java,Spring,Spring Boot,Spring Security,我有一个SpringBootWeb服务器,它使用httpWebSecurityAdapter 我正在尝试在我的Angular应用程序中的div中显示一些网页(HTML CSS、javascript)。 如果启用,X-frame不允许我执行此操作。 我只想对特定类型的请求禁用x-frame选项 现在我什么都禁用了。我只想做一个特定的网址 http.headers().frameOptions().disable() 您将需要提供多个WebSecurity配置适配器配置。换句话说,每个url模式都

我有一个SpringBootWeb服务器,它使用httpWebSecurityAdapter

我正在尝试在我的Angular应用程序中的div中显示一些网页(HTML CSS、javascript)。 如果启用,X-frame不允许我执行此操作。 我只想对特定类型的请求禁用x-frame选项

现在我什么都禁用了。我只想做一个特定的网址

http.headers().frameOptions().disable()
您将需要提供多个WebSecurity配置适配器配置。换句话说,每个url模式都有多个安全配置

下面是一个示例配置:

@Configuration
@EnableWebSecurity
public class SecurityConfig {
    // @Order is to specify which WebSecurityConfigurerAdapter should be considered first. This configuration has the highest priority.
    // This configuration is activated for url pattern: /home/**
    @Order(1)
    @Configuration    
    public static class DefaultSecurityConfiguration extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {          
            http.antMatcher("/home/**")
            .authorizeRequests()
            .anyRequest().authenticated()               
            .and().formLogin()
            .and().httpBasic();         
        }
    }

    // This configuration is considered after DefaultSecurityConfiguration since it has @Order(2).
    // This configuration is activated for url pattern: /registerUser/**
    @Order(2)
    @Configuration    
    public static class DisabledFrameOptionsSecurityConfigurer extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {          
            http.antMatcher("/registerUser/**")             
            .authorizeRequests()
            .anyRequest().permitAll();
            http.headers().frameOptions().sameOrigin();
        }
    }
}