[英]Error 403 on Spring Boot web API without Spring Security
我正在使用以下 POM 配置构建基于 Spring 引导的 web API
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.4.0</version>
<relativePath />
</parent>
<properties>
<!-- Required section -->
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<maven.compiler.target>8</maven.compiler.target>
<maven.compiler.source>8</maven.compiler.source>
<java.version>1.8</java.version>
<java-platform-sdk.version>0.5</java-platform-sdk.version>
<springdoc.openapi.version>1.4.2</springdoc.openapi.version>
<springdoc.openapi.maven.plugin.version>1.0</springdoc.openapi.maven.plugin.version>
<spring.boot.maven.plugin.version>2.1.10.RELEASE</spring.boot.maven.plugin.version>
<sonar.language>java</sonar.language>
<sonar.java.coveragePlugin>jacoco</sonar.java.coveragePlugin>
<sonar.dynamicAnalysis>reuseReports</sonar.dynamicAnalysis>
<jacoco.version>0.8.3</jacoco.version>
<sonar.coverage.jacoco.xmlReportPaths>target/jacoco-ut/jacoco.xml</sonar.coverage.jacoco.xmlReportPaths>
<sonar.host.url>http://10.151.9.50:9000</sonar.host.url>
<sonar.login>admin</sonar.login>
<sonar.password>admin</sonar.password>
<argLine></argLine>
<!-- /Required section -->
</properties>
<dependencies>
<!-- Required section -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-webflux</artifactId>
<exclusions>
<exclusion>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-logging</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework.retry</groupId>
<artifactId>spring-retry</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-neo4j</artifactId>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<version>1.18.12</version>
<scope>provided</scope>
</dependency>
<!-- Test -->
<dependency>
<groupId>org.junit.vintage</groupId>
<artifactId>junit-vintage-engine</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>io.projectreactor</groupId>
<artifactId>reactor-test</artifactId>
<scope>test</scope>
</dependency>
<!-- Log -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-log4j2</artifactId>
</dependency>
<dependency>
<groupId>org.springdoc</groupId>
<artifactId>springdoc-openapi-webflux-ui</artifactId>
<version>${springdoc.openapi.version}</version>
</dependency>
</dependencies>
<repositories>
<!-- Required section -->
<repository>
<id>central</id>
<name>Maven Central</name>
<url>https://repo1.maven.org/maven2/</url>
</repository>
<repository>
<id>spring-releases</id>
<name>Spring Releases</name>
<url>https://repo.spring.io/libs-release</url>
</repository>
<repository>
<id>neo4j</id>
<name>Neo4j</name>
<url>http://m2.neo4j.org/</url>
</repository>
<!-- /Required section -->
</repositories>
<build>
<plugins>
<!-- Required section -->
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<version>${spring.boot.maven.plugin.version}</version>
<executions>
<execution>
<id>pre-integration-test</id>
<goals>
<goal>start</goal>
</goals>
</execution>
<execution>
<id>post-integration-test</id>
<goals>
<goal>stop</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.springdoc</groupId>
<artifactId>springdoc-openapi-maven-plugin</artifactId>
<version>${springdoc.openapi.maven.plugin.version}</version>
<executions>
<execution>
<id>integration-test</id>
<goals>
<goal>generate</goal>
</goals>
</execution>
</executions>
<configuration>
<apiDocsUrl>http://localhost:8080/api-docs</apiDocsUrl>
<outputFileName>swagger.json</outputFileName>
<outputDir>${project.basedir}/../../infrastructure/platform/api</outputDir>
</configuration>
</plugin>
<!-- /Required section -->
</plugins>
</build>
</project>
我构建了非常好的 controller 但是当我用不是 HTTP GET 的方法调用它们时,我收到 403 错误, 在网上查找似乎问题源于 csrf 保护,但我不明白为什么启用此保护如果我没有导入 Spring Boot Security,在我的项目中。 该链接甚至提供了禁用这种不需要的保护的过程,但经过多次尝试后,我了解到要遵循该过程,您必须将整个 Spring 引导安全导入您的项目,否则您会收到运行时错误或这些设置将被忽略但我觉得很奇怪,我必须导入一大块框架只是为了禁用不需要的保护,我想知道是否有更好的方法来做到这一点,或者我在 pom.xml 上犯了一个错误,因为我发现并且不雅导入一大块框架,然后禁用它的所有内容。
似乎 spring 安全已在您的应用程序中启用,并且您可能在构建路径中有 spring 安全 jars。 您可以从构建路径中排除 spring 安全 jars 或尝试以下配置 class 以查看是否有效
@Configuration public class SecurityConfig 扩展 WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().authorizeRequests().anyRequest().permitAll();
}
}
在不使用spring security的情况下在spring boot中获取静态资源的403
[英]Getting a 403 for static resources in spring boot without using spring security
使用Spring Boot + Spring Security时图像上出现错误403
[英]Error 403 on image when using Spring Boot + Spring Security
AJAX / Spring MVC-没有Spring安全性的403禁止的错误
[英]AJAX / Spring MVC - 403 Forbidden Error without Spring Security
在没有 spring-boot-starter-web 的情况下配置 Spring Security AuthenticationManager
[英]Configure Spring Security AuthenticationManager without spring-boot-starter-web
为什么Spring Security在此Spring Boot REST API项目上不起作用? 它总是给我“ 403 Forbidden”错误
[英]Why Spring Security doesn't works on this Spring Boot REST API project? It always give me “403 Forbidden” error
403 Forbidden for OpenApiSwagger in Spring Boot Security
[英]403 Forbidden for OpenApiSwagger in Spring Boot Security
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.