Author: 手机用户2602908893 | Source: Internet | 2022-12-03 10:41
I am new to Spring Security. When I press log in, the following page comes up: http://localhost:8080/j_spring_security_check
HTTP Status 403 – Forbidden
Type Status Report
Message Forbidden
Description The server understood the request but refuses to authorize it.
Apache Tomcat/9.0.12
This is web.xml
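<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/spring/webcontext/security-context.xml</param-value>
</context-param>
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
    <servlet-name>DefaultServlet</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/spring/webcontext/DispatcherServlet-context.xml</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>DefaultServlet</servlet-name>
    <url-pattern>/</url-pattern>
</servlet-mapping>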
login.jsp
Here: " method="post">
- /j_spring_security_check
is marked in red with the error: Cannot resolve controller URL '/j_spring_security_check'
<%@page pageEncoding="UTF-8" contentType="text/html; charset=UTF-8" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
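security-context.xml
What should I add to make this work correctly?
1> 小智..: Check the CSRF token
If you use a form tag with a POST URL, you should send it with the token parameter
or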
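@Configuration
@EnableWebSecurity
@EnableOAuth2Sso
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Disables CSRF protection, so the login POST is accepted without a token
        http
            .csrf().disable();
    }
}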
The URL should be permitted in the security configuration
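@Configuration
@EnableWebSecurity
@EnableOAuth2Sso
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf().disable()
            .authorizeRequests()
                // Allow unauthenticated POSTs to the login processing URL
                .antMatchers(HttpMethod.POST, "/j_spring_security_check").permitAll();
    }
}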
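The first option in the answer above (sending the CSRF token with the login form) can be sketched as follows; this is an added example, not code from the question or the answer, and it leaves CSRF protection enabled instead of disabling it. The class name, the `/login.jsp` location and the `j_username` / `j_password` field names are assumptions.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Hypothetical configuration class; the name is an assumption for this example.
@Configuration
@EnableWebSecurity
public class CsrfEnabledSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // The login page must be reachable without authentication
                // (assumed location of the login.jsp from the question).
                .antMatchers("/login.jsp").permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login.jsp")
                // Same processing URL the question's form posts to.
                .loginProcessingUrl("/j_spring_security_check")
                // Assumed form field names; adjust to the real form.
                .usernameParameter("j_username")
                .passwordParameter("j_password");
        // No .csrf().disable(): CSRF protection stays at its default (enabled),
        // so every POST, including the login POST, must carry a valid token.
    }
}

/*
 * Matching form in login.jsp. Spring Security's CsrfFilter exposes the token
 * as the request attribute "_csrf", so the hidden field can be rendered with EL:
 *
 *   <form action="<c:url value='/j_spring_security_check'/>" method="post">
 *       <input type="text" name="j_username"/>
 *       <input type="password" name="j_password"/>
 *       <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
 *       <button type="submit">Log in</button>
 *   </form>
 *
 * A POST without this hidden field is rejected with 403 Forbidden, which is
 * the symptom described in the question.
 */
```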