[英]403 CSRF token error using Vaadin with Spring Security
我正在尝试在 vaadin 应用程序中实现 spring security,但是我遇到了一个问题,登录到页面后,它显示了一个错误:
{"status":403,"error":"Forbidden","message":"无法验证提供的 CSRF 令牌,因为未找到您的会话。","path":"/"}
我尝试了很多东西,但它们都不起作用,这是我的标准安全配置类:
//SecurityConfig.java
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user")
.password("password")
.roles("USER");
}
}
控制器类:
//HomeController.java
@RestController
public class HomeController {
@GetMapping("/")
public String index() {
return "Welcome to the home page!";
}
@GetMapping("/error")
public String error(){
return "Error!";
}
}
和 Vaadin UI 类
//VaadinUI.java
@SpringUI
public class VaadinUI extends UI {
VerticalLayout layout = new VerticalLayout();
com.vaadin.ui.Label label = new com.vaadin.ui.Label("Witaj");
@Autowired
public VaadinUI() {}
@Override
protected void init(VaadinRequest request) {
setContent(layout);
layout.addComponent(label);
}
}
还有我的 pom.xml
//pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>example.com</groupId>
<artifactId>LDAPSpringInitializr</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>
<name>LDAPSpringInitializr</name>
<description>Demo project for Spring Boot</description>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.5.3.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
<vaadin.version>8.0.5</vaadin.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-ldap</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>com.vaadin</groupId>
<artifactId>vaadin-spring-boot-starter</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>com.vaadin</groupId>
<artifactId>vaadin-bom</artifactId>
<version>${vaadin.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
如何将 Vaadin 与 Spring Security 一起使用? 我想稍后将 Spring Security 与 LDAP 连接起来。
我对 Vaadin 不太熟悉,但是这篇文章https://vaadin.com/blog/-/blogs/filter-based-spring-security-in-vaadin-applications表明 Vaadin 已经提供了 CSRF 保护,所以你可以通过在 Spring 中禁用它
@Override
protected void configure(final HttpSecurity httpSecurity) throws Exception {
httpSecurity.csrf().disable();
}
在您的 SecurityConfig 中。
使用带有 Spring Security v3.0.0 和 Thymeleaf 的 csrf 出现意外错误(类型=禁止,状态=403)
[英]Unexpected error (type=Forbidden, status=403) using csrf with Spring Security v3.0.0 and Thymeleaf
即使禁用 csrf,Spring 安全 403 禁止错误也会不断发生
[英]Spring security 403 forbidden error keeps happening even with csrf disable
访问特定于应用程序的 url 时在 Spring security oauth 中出现 403 错误(access_token 有效且 csrf 被禁用)
[英]Getting 403 error in Spring security oauth while accessing application specific urls (access_token is valid and csrf is disabled)
Spring 启动 -- 使用 CSRF 令牌发布请求产生 403 错误
[英]Spring Boot -- Post request with CSRF token produce 403 error
我正在使用xml配置通过angularjs增强Spring安全性,但遇到了与CSRF令牌相关的错误
[英]I am imlementing spring security with angularjs using xml configuration but getting error related to CSRF token
使用Spring Security时如何在速度宏中获取CSRF令牌
[英]How to obtain csrf token in a velocity macro when using spring security
Spring 使用 CSRF 令牌的安全性,即使未指定并关闭
[英]Spring Security using CSRF token even though not specified and turned off
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.