堆栈内存溢出
  简体   繁体   English

POST 请求 org.springframework.security.authentication.InsufficientAuthenticationException: 访问此资源需要完全认证

[英]POST request org.springframework.security.authentication.InsufficientAuthenticationException: Full authentication is required to access this resource

 原文  2022-12-13 07:12:04       java/ spring/ security

问题描述

Using spring security with jwt.使用 spring 安全与 jwt。

My spring security config:我的 spring 安全配置:

@RequiredArgsConstructor
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    private final JwtFilter jwtFilter;

    private final exceptionHandler exceptionHandler;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .httpBasic().disable()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authorizeRequests()
                .antMatchers("/api/v1/users/**").hasAnyRole("USER")
                .antMatchers("/api/v1/admin/**").hasRole("ADMIN")
                .anyRequest()
                .authenticated()
                .and()
                .addFilterBefore(jwtFilter, FilterSecurityInterceptor.class)
                .exceptionHandling().authenticationEntryPoint(exceptionHandler);
    }
}

When I send GET Request everything is fine.当我发送 GET 请求时,一切都很好。 But when I send POST:但是当我发送 POST 时:

org.springframework.security.authentication.InsufficientAuthenticationException: Full authentication is required to access this resource

If i add .csrf().disable() it will help, but i don't understand how it works.如果我添加.csrf().disable()它会有所帮助,但我不明白它是如何工作的。 Why is Get request OK but post without .csrf().disable() throwing an exception?为什么 Get 请求正常,但没有.csrf().disable()抛出异常?

Can i pass POST requests without .csrf().disable() part?我可以在没有.csrf().disable()部分的情况下传递 POST 请求吗?

1 个解决方案

解决方案1
 0 已采纳  2022-12-13 07:59:25


To protect MVC applications, Spring adds a CSRF token to each generated view. 为了保护 MVC 应用程序,Spring 为每个生成的视图添加了一个 CSRF 令牌。 This token must be submitted to the server on every HTTP request that modifies state (PATCH, POST, PUT and DELETE — not GET). 此令牌必须在每个修改 state 的 HTTP 请求(PATCH、POST、PUT 和 DELETE — 不是 GET)上提交给服务器。
This protects our application against CSRF attacks since an attacker can't get this token from their own page. 这可以保护我们的应用程序免受 CSRF 攻击,因为攻击者无法从他们自己的页面获取此令牌。
for more information: https://www.baeldung.com/spring-security-csrf 更多信息:https://www.baeldung.com/spring-security-csrf

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 InsufficientAuthenticationException:访问此资源需要完全身份验证 - InsufficientAuthenticationException: Full authentication is required to access this resource 测试弹簧安全站。 需要完全认证才能访问此资源 - Testing spring security post. Full authentication is required to access this resource 使用Spring Security和Keycloak访问此资源需要完全认证 - Full authentication is required to access this resource with Spring Security and Keycloak Spring-Security-Oauth2:访问此资源需要完全身份验证 - Spring-Security-Oauth2: Full authentication is required to access this resource Spring Security OAuth - 访问此资源需要完全身份验证 - Spring Security OAuth - Full authentication is required to access this resource 需要一个 org.springframework.security.authentication.AuthenticationManager 类型的 bean - required a bean of type org.springframework.security.authentication.AuthenticationManager 错误未经授权,需要完全验证才能访问此资源 - Error Unauthorized, Full authentication is required to access this resource Jhipster gateway 需要完整的身份验证才能访问此资源 - Jhipster gateway Full authentication is required to access this resource 未经授权的错误:需要完全身份验证才能访问此资源 - Unauthorized error: Full authentication is required to access this resource 我从Spring启动安全设置获得“访问此资源需要完全身份验证”响应 - I am getting “Full authentication is required to access this resource” response from Spring boot security setup
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM