Java spring-boot 页面访问问题
[英]Java spring-boot problem with access to pages
问题描述
I have a problem with spring-boot-security.
我对 spring-boot-security 有疑问。 Problem: can't access /getuser (403 Forbidden)问题:无法访问/getuser(403 Forbidden)
WebConfig:网络配置:
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/styles/**", "/error").permitAll()
.antMatchers("/users", "/userlog").hasRole(AdminRoles.DEV.name())
.antMatchers("/logs", "/updlog").hasAnyRole(AdminRoles.DEV.name(), AdminRoles.ADMIN.name())
.antMatchers("/update", "/getuser", "/").hasAnyRole(AdminRoles.DEV.name(), AdminRoles.ADMIN.name(),
AdminRoles.MODERATOR.name())
.anyRequest().authenticated()
.and()
.formLogin();
}
/getuser in controller: controller 中的 /getuser:
@RequestMapping("/getuser")
public String getuser(String userData, int server, Model model) throws SQLException, Exception{
model.addAttribute("user", base.GetUser(userData, server));
return "index";
}
UPD1: I can access / without any problems UPD1:我可以访问/没有任何问题
UPD2: I can access any page except pages which return index with model UPD2:除了返回索引为 model 的页面外,我可以访问任何页面
UPD3: SecurityContextHolder.getContext().getAuthentication().getAuthorities().equals("ROLE_DEV") // true UPD3: SecurityContextHolder.getContext().getAuthentication().getAuthorities().equals("ROLE_DEV") // true
1 个解决方案
解决方案1
0 2022-08-06 13:16:08
I've added .csrf().disable() in configure method and it helped me!我在配置方法中添加了.csrf().disable() ,它帮助了我!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.