error: “Forbidden“ message: “Forbidden“

最新推荐文章于 2023-11-23 15:17:16 发布

我自是年少韶华倾负

最新推荐文章于 2023-11-23 15:17:16 发布

阅读量5.6k

点赞数 2

分类专栏： java 文章标签： csrf

本文链接：https://blog.csdn.net/qq_38345598/article/details/113954540

版权

java 专栏收录该内容

87 篇文章 2 订阅

订阅专栏

错误信息截图:

原因:

ajax请求中没有添加 csrf token参数

解决:

1 关闭跨站请求

package com.example.demo.Config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .antMatchers("/","/home","/css/**","/js/**","/img/**").permitAll()
                .anyRequest().authenticated()
                .and()
                .formLogin()
                .loginPage("/login")
                .permitAll()
                .and()
                .logout()
                .permitAll()
        .and().csrf().disable();
    }

    @Bean
    @Override
    public UserDetailsService userDetailsService() {
        UserDetails user =
                User.withDefaultPasswordEncoder()
                        .username("user")
                        .password("password")
                        .roles("USER")
                        .build();

        return new InMemoryUserDetailsManager(user);
    }
}

2 在ajax请求头部添加上csrf _token

页面头部

<html> 
<head> 
    <meta  name = “_csrf” content = “${_csrf.token}” /> 
    <!-- 默认标题名称是X-CSRF-TOKEN  --> 
    <meta  name = “_csrf_header”  content = “${_csrf.headerName}” /> 
</ head>

var token = $("meta[name='_csrf']").attr("content");
var header = $("meta[name='_csrf_header']").attr("content");
$.ajax({
    url:url,
    type:'POST',
    async:false,
    dataType:'json',    //返回的数据格式：json/xml/html/script/jsonp/text
    beforeSend: function(xhr) {
        xhr.setRequestHeader(header, token);  //发送请求前将csrfToken设置到请求头中
    },
    success:function(data,textStatus,jqXHR){
    }
});

3 如果form表单的话可以添加一个隐藏域

 <input type = “hidden" name = “${_csrf.parameterName}" value = “${_csrf.token}" />

我自是年少韶华倾负

关注

2
点赞
踩
3

收藏

觉得还不错? 一键收藏
0
评论
error: “Forbidden“ message: “Forbidden“

错误信息截图:原因:ajax请求中没有添加 csrf token参数解决:1 关闭跨站请求package com.example.demo.Config;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.security.config.annotat.
复制链接

扫一扫

专栏目录