无法禁用csrf Spring启动
[英]Cannot disable csrf Spring boot
问题描述
I'm developing an android app and I'm using Spring as a REST backend. 
我正在开发一个Android应用程序,我使用Spring作为REST后端。
Every time I try to make post request to the server I get a 403 response with this message "Expected CSRF token not found. Has your session expired?". 每当我尝试向服务器发出post请求时,我都会收到403响应,并显示“未找到预期的CSRF令牌。您的会话是否已过期?”。
I tried to disable csrf in the application.properties and with my own WebSecurityConfigurerAdapter implementation but to no avail. 我试图在application.properties和我自己的WebSecurityConfigurerAdapter实现中禁用csrf,但无济于事。
Did I miss something ? 我错过了什么 ?
2 个解决方案
解决方案1
0 2016-03-11 18:19:42
Try this : 尝试这个 :
.invalidateHttpSession(true)
.and()
.exceptionHandling()
.authenticationEntryPoint(new Http403ForbiddenEntryPoint())
.and()
.csrf()//Disabled CSRF protection
.disable();
Add this on your logoutSuccessHandler(...) 在你的logoutSuccessHandler(...)上添加这个
解决方案2
0 2019-02-12 18:11:56
There are different ways to disable CSRF in Spring boot , by default in spring boot is enable 在Spring引导中有不同的方法可以禁用CSRF,默认情况下在spring boot中启用
1. By Java Configuration 1.通过Java配置
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
}
2. By Application.yml 2.通过Application.yml
security.enable-csrf: false
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.