Spring 找不到预期的CSRF令牌
我正在尝试使用以下配置将Spring安全性禁用到最新的Spring云:Spring 找不到预期的CSRF令牌,spring,spring-boot,spring-security,spring-oauth2,Spring,Spring Boot,Spring Security,Spring Oauth2,我正在尝试使用以下配置将Spring安全性禁用到最新的Spring云: @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(securedEnabled = true) @Order(SecurityProperties.DEFAULT_FILTER_ORDER) public class WebSecurityConfigSec extends WebSecurityConfigurerAdapter { @Ov
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
@Order(SecurityProperties.DEFAULT_FILTER_ORDER)
public class WebSecurityConfigSec extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().cors().disable()
.authorizeRequests().anyRequest().permitAll();
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring()
.antMatchers("/**");
}
}
application.yml
spring:
main:
allow-bean-definition-overriding: true
security:
ignored=/**:
enable-csrf: false
我还试图补充:
@EnableWebSecurity
@Configuration
public class WebSecurityConfig extends
WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable();
}
}
但它不起作用
我收到错误:找不到预期的CSRF令牌
18:16:24.537 [boundedElastic-2] DEBUG DefaultWebSessionManager[lambda$createWebSession$3:94] - Created new WebSession.
18:16:24.540 [boundedElastic-2] DEBUG HttpWebHandlerAdapter[traceDebug:91] - [1ffd0a30] Completed 403 FORBIDDEN
您知道如何解决此问题吗?根据日志
创建新的WebSession
,您的应用程序似乎是被动的。您不能通过扩展websecurityConfigureAdapter
来配置反应式应用程序中的安全性。看见