Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/spring/14.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181

Warning: file_get_contents(/data/phpspider/zhask/data//catemap/5/url/2.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
使用spring security创建/注册新用户?_Spring_Spring Security_Restful Authentication - Fatal编程技术网
Fatal编程技术网
  • spring/
  • 使用spring security创建/注册新用户?

使用spring security创建/注册新用户?

spring spring-security

使用spring security创建/注册新用户?,spring,spring-security,restful-authentication,Spring,Spring Security,Restful Authentication,我正在学习和开发RESTfulAPI,作为我未来android应用程序的后端。我使用spring框架。我使用SpringSecurity来限制对某些资源的访问。 我有一个UserController,其方法是创建(params..),它应该创建新用户 @RestController public class UserController { private UserService userService; private CreateFormValidator createFor

我正在学习和开发RESTfulAPI,作为我未来android应用程序的后端。我使用spring框架。我使用SpringSecurity来限制对某些资源的访问。 我有一个UserController,其方法是创建(params..),它应该创建新用户

@RestController
public class UserController {
    private UserService userService;
    private CreateFormValidator createFormValidator;
    @Autowired
    public UserController(UserService userService, CreateFormValidator createFormValidator) {
        this.userService = userService;
        this.createFormValidator = createFormValidator;
    }
    @InitBinder
    public void initBinder(WebDataBinder binder) {
        binder.addValidators(createFormValidator);
    }

    @RequestMapping(value = "/user/create", method = RequestMethod.POST)
    String create(@RequestBody @Valid CreateForm createForm, BindingResult bindingResult) {

        if (bindingResult.hasErrors()) {
            return "user_create";
        }
        try {
            userService.create(createForm);
        } catch (DataIntegrityViolationException e) {
            bindingResult.reject("username.exists", "Username already exists");
            return "user_create";
        }
        return "redirect:/login";
    }
}
为了安全起见,现在我在这里只指定“user/create/”是允许所有人使用的

@Configuration
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private UserDetailsService userDetailsService;
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("user/create").permitAll();
    }
    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
                .userDetailsService(userDetailsService)
                .passwordEncoder(new BCryptPasswordEncoder());
    }
}
但当我测试它并用json主体发布“user/create”时

{
  "username" : "name",
  "password" : "1234",
  "repeatedPassword" : "1234"
}
我得到:

“错误”:“禁止”消息:“发现无效的CSRF令牌“null” 在请求参数“\u csrf”或标头“X-csrf-TOKEN”上。”

你能解释一下为什么在配置类中有此url的权限访问时是禁止的吗?如何修复它?提前谢谢

看一看

如果您使用的是rest客户端,请将X-CSRF-TOKEN包含到请求头中。您将从对服务的一个get请求中获得csrf令牌值

或者尝试以下方法:

{
  "username" : "name",
  "password" : "1234",
  "repeatedPassword" : "1234",
  "_csrf" : "token value"
}
您需要添加csrf令牌