[英]How to create feature toggling when spring security is enabled on ff4j?
I did the following steps and I don't understand why I did not succeed on the last one:我做了以下步骤,但我不明白为什么最后一个没有成功:
user/user
(also tried admin/admin
and superuser/superuser
)使用user/user
登录(也尝试过admin/admin
和superuser/superuser
)I want to have the console (+api) protected by a basic authentication but I want to be able to do anything when I'm logged.我希望控制台(+api)受到基本身份验证的保护,但我希望在登录时能够做任何事情。 How can I achieve this?我怎样才能做到这一点? Am I missing something on how security works between spring and ff4j?我是否遗漏了 spring 和 ff4j 之间的安全性如何工作?
Using Spring Security with Java configuration, CSRF protection is enabled by default.使用 Spring Security 和 Java 配置,CSRF 保护默认启用。 In this context, if you make an Ajax request to a REST endpoint using POST method, you will get a csrf token missing error.在这种情况下,如果您使用 POST 方法向 REST 端点发出 Ajax 请求,您将收到 csrf 令牌丢失错误。
To fix it, in class SecurityConfig
change configure
method with the following.要修复它,在 class SecurityConfig
中更改configure
方法如下。 The code has been updated in github as well. github 中的代码也已更新。
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeRequests()
.anyRequest().authenticated()
.and().formLogin();
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.