
Spring Security - j_spring_security_check

I am new to Spring Security. When I press login, this happens at http://localhost:8080/j_spring_security_check:


HTTP Status 403 – Forbidden
Type Status Report
Message Forbidden
Description The server understood the request but refuses to authorize it.
Apache Tomcat/9.0.12

This is web.xml:


<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/spring/webcontext/security-context.xml
        </param-value>
    </context-param>
    <listener>
        <listener-class>
            org.springframework.web.context.ContextLoaderListener
        </listener-class>
    </listener>
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <servlet>
        <servlet-name>DefaultServlet</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>/WEB-INF/spring/webcontext/DispatcherServlet-context.xml</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>DefaultServlet</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>
</web-app>


小唯快跑啊
Views: 366, Answers: 2
2 Answers

喵喵时光机

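Because the request does not contain a CSRF token; since Spring Security enables it automatically, the CSRF token must be sent with the request. Simply disabling it is not a good idea; that leaves the whole application wide open. Add the following hidden input to your form:

<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>

If you want to disable CSRF support, put the following in security-context.xml (Spring 4+):

<http>
    <csrf disabled="true"/>
</http>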
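An added example, not part of the original answer: a security-context.xml that keeps CSRF protection enabled, with the matching login form shown in the comment. It assumes Spring Security 4+, a hypothetical /login page and a constructed in-memory user; the processing URL and j_* parameter names are set explicitly because 4.x changed the defaults to /login, username and password.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
                 http://www.springframework.org/schema/beans/spring-beans.xsd
                 http://www.springframework.org/schema/security
                 http://www.springframework.org/schema/security/spring-security.xsd">

    <!-- Matching login form (JSP), which must POST the CSRF token:
         <form action="${pageContext.request.contextPath}/j_spring_security_check" method="post">
             <input type="text" name="j_username"/>
             <input type="password" name="j_password"/>
             <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
             <input type="submit" value="Login"/>
         </form>
         A POST without the hidden field is rejected with 403 Forbidden. -->

    <http use-expressions="true">
        <!-- The login page itself must be reachable anonymously (hypothetical /login view) -->
        <intercept-url pattern="/login" access="permitAll"/>
        <intercept-url pattern="/**" access="isAuthenticated()"/>

        <!-- Keep the pre-4.x URL and parameter names used by the form above -->
        <form-login login-page="/login"
                    login-processing-url="/j_spring_security_check"
                    username-parameter="j_username"
                    password-parameter="j_password"
                    authentication-failure-url="/login?error"/>

        <!-- With CSRF enabled, logout must also be a POST that carries the token -->
        <logout logout-url="/logout" logout-success-url="/login?logout"/>

        <!-- CSRF protection is on by default in 4+; stated explicitly for clarity -->
        <csrf disabled="false"/>
    </http>

    <authentication-manager>
        <authentication-provider>
            <user-service>
                <!-- Constructed demo user. The {noop} prefix is for Spring Security 5;
                     on 4.x use the bare password. Replace with a real user store. -->
                <user name="demo" password="{noop}change-me" authorities="ROLE_USER"/>
            </user-service>
        </authentication-provider>
    </authentication-manager>
</beans:beans>
```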