Spring Boot Security XML vs WebSecurityConfigurerAdapter for CSRF
Question
I am migrating my Spring Application to Spring Boot.
I have an extensive security.xml file which maps all my controller code to the different Authentication Providers.
I know I can create a WebSecurityConfigurerAdapter and convert them to code, however, its not possible in the short term.
I can use the security.xml with ImportResource and works but all my controllers return back a CSRF Error
I tried making a class as this:
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
}
}
And Spring Boot Application
@ImportResource(locations = {"classpath:security.xml"})
public class MyApplication extends SpringBootServletInitializer
Now when I remove the ImportResource , the CSRF disable in WebSecurityConfig works, but if I have it doesn't work.
I tried adding the csrf disabled = true tag under <http> tag in my xml file but it is not working.
Any way to disable CSRF in Spring Boot using XML or somehow get it to consider both the XML and WebSecurityConfigurerAdapter class?
1 answers
solution1
0 2018-01-02 04:18:59
You may try to add the tag
[sec:csrf disabled="true"][/sec:csrf]
in your xml config
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.