Using spring security with jwt.
My spring security config:
@RequiredArgsConstructor
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
private final JwtFilter jwtFilter;
private final exceptionHandler exceptionHandler;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.httpBasic().disable()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers("/api/v1/users/**").hasAnyRole("USER")
.antMatchers("/api/v1/admin/**").hasRole("ADMIN")
.anyRequest()
.authenticated()
.and()
.addFilterBefore(jwtFilter, FilterSecurityInterceptor.class)
.exceptionHandling().authenticationEntryPoint(exceptionHandler);
}
}
When I send GET Request everything is fine. But when I send POST:
org.springframework.security.authentication.InsufficientAuthenticationException: Full authentication is required to access this resource
If i add .csrf().disable()
it will help, but i don't understand how it works. Why is Get request OK but post without .csrf().disable()
throwing an exception?
Can i pass POST requests without .csrf().disable()
part?
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.