在 ff4j 上启用 spring 安全性时如何创建功能切换?
[英]How to create feature toggling when spring security is enabled on ff4j?
问题描述
I did the following steps and I don't understand why I did not succeed on the last one:
我做了以下步骤,但我不明白为什么最后一个没有成功:
- clone this repository克隆此存储库
- start spring boot app启动 spring 启动应用程序
- browse to http://localhost:5002/ff4j-web-console/features浏览到 http://localhost:5002/ff4j-web-console/features
- login with
user/user(also triedadmin/adminandsuperuser/superuser)使用user/user登录(也尝试过admin/admin和superuser/superuser) - try to create new feature but got a 403 error message尝试创建新功能但收到 403 错误消息
I want to have the console (+api) protected by a basic authentication but I want to be able to do anything when I'm logged.我希望控制台(+api)受到基本身份验证的保护,但我希望在登录时能够做任何事情。 How can I achieve this?我怎样才能做到这一点? Am I missing something on how security works between spring and ff4j?我是否遗漏了 spring 和 ff4j 之间的安全性如何工作?
1 个解决方案
解决方案1
1 已采纳 2020-06-30 18:19:15
Using Spring Security with Java configuration, CSRF protection is enabled by default.使用 Spring Security 和 Java 配置,CSRF 保护默认启用。 In this context, if you make an Ajax request to a REST endpoint using POST method, you will get a csrf token missing error.在这种情况下,如果您使用 POST 方法向 REST 端点发出 Ajax 请求,您将收到 csrf 令牌丢失错误。
To fix it, in class SecurityConfig change configure method with the following.要修复它,在 class SecurityConfig中更改configure方法如下。 The code has been updated in github as well. github 中的代码也已更新。
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeRequests()
.anyRequest().authenticated()
.and().formLogin();
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.