springboot 2.1.3 RELEASE
引入security
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
html使用了 frameset 标签,在请求页面的时候就会报错,类似
'X-Frame-Options' to 'deny'.
解决办法
在 WebSecurityConfigurerAdapter 的继承实现类里面覆盖 configure(HttpSecurity http)
@Override
protected void configure(HttpSecurity http) throws Exception {
http.headers().frameOptions().disable().// 解决页面框架不能获取子页面
and().
csrf().disable().authorizeRequests()
.antMatchers("/login","/regist","/user/regist")
.permitAll()
.anyRequest()
.authenticated()
.and()
.formLogin()
.loginProcessingUrl("/user/login")
.permitAll()
.successHandler((httpServletRequest, httpServletResponse, authentication) -> {
System.out.println("登陆成功处理==============");
//跳转到首页
httpServletResponse.sendRedirect("/main");
})
.failureHandler((httpServletRequest, httpServletResponse, e) -> {
System.out.println("登陆失败处理=============");
//返回到登陆页面
httpServletResponse.sendRedirect("/login");
})
.and()
//登出
.logout()
.logoutSuccessHandler(((httpServletRequest, httpServletResponse, authentication) -> {
System.out.println("登出成功处理=============");
httpServletResponse.sendRedirect("/login");
}));
// .and()
// .exceptionHandling()
// .authenticationEntryPoint(((httpServletRequest, httpServletResponse, e) -> {
// //应该回到当前页面,并且状态不变
// }));
}
有注释 // 解决页面框架不能获取子页面 那里就是解决的代码了,网上都没有加上.add(),不完整。