[英]Spring webflux Security - Disable csrf with property
我有一個 Spring WebFlux 安全性如下,並想使用屬性控制 CSRF。 如果在這里單獨檢查 CSRF,我該如何添加?
@Bean
public SecurityWebFilterChain securitygWebFilterChain(ServerHttpSecurity http) {
return http.authorizeExchange().matchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
//.pathMatchers("/register", "/login").permitAll()
.anyExchange().authenticated()
.and().formLogin()
.securityContextRepository(securityContextRepository())
.and()
.exceptionHandling()
.accessDeniedHandler(new HttpStatusServerAccessDeniedHandler(HttpStatus.BAD_REQUEST))
.and().csrf().disable()
.build();
}
您只需添加以下內容:
// All your stuff up here then
if(!csrfEnabled) {
http.csrf().disable();
}
return http.build();
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.