Spring Security - j_spring_security_check
我是 Spring Security 的新员工。如果我按登录,站点:http://localhost:8080/j_spring_security_check发生在
HTTP Status 403 – Forbidden
Type Status Report
Message Forbidden
Description The server understood the request but refuses to authorize it.
Apache Tomcat/9.0.12
这是web.xml
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring/webcontext/security-context.xml
</param-value>
</context-param>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>DefaultServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/webcontext/DispatcherServlet-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>DefaultServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
</web-app>
小唯快跑啊2回答
-
喵喵时光机
因为请求不包含csrf令牌,因为spring security会自动启用它,csrf令牌必须与请求一起发送。简单地禁用它不是一个好主意,这会使整个应用程序大开。将以下隐藏输入添加到您的表单中,<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>如果要禁用csrf支持,请在security-context.xml. (春季 4+)<http> <csrf disabled="true"/></http>
随时随地看视频慕课网APP
相关分类
Java