更新时间:2022-02-12 00:04:17
我已经创建了这个,现在可以使用了:
I have created this, and it works now:
import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
}
这会明显地激活 SpringSecurityFilterChain.
This activates the SpringSecurityFilterChain apperently.
由于 CSRF 错误,我还不得不从 @EnableWebSecurity 切换到 @EnableWebMvcSecurity.正如在 spring 文档中所写:
I also had to switch from @EnableWebSecurity to @EnableWebMvcSecurity because of an CSRF error. As in the spring doc is written:
...原因是 Spring Security 是针对 CSRF 的attakcks 并且我们的请求中没有包含 CSRF 令牌.更新我们的使用 @EnableWebMvcSecurity 注释的配置与@EnableWebMvcSecurity 做同样的事情并提供与春天的MVC.除其他外,它将确保我们的 CSRF 令牌是使用 Thymleaf 2.1+ 或 Spring 时自动包含在我们的表单中MVC 标签库...
...The reason is that Spring Security is protecting against CSRF attakcks and there is no CSRF token include in our request. Update our configuration to use the @EnableWebMvcSecurity annotation which will do the same as @EnableWebMvcSecurity and provide integration with Spring MVC. Among other things, it will ensure our CSRF Token is included in our forms automatically when using Thymleaf 2.1+ or Spring MVC taglibs...
也感谢 M. Deinum 的评论.Spring 最近显然将/j_spring_security_check/j_password/j_username 切换为/login/password/username.
Also Thanks M. Deinum for his comment. Spring has recently switched the /j_spring_security_check /j_password /j_username to /login /password /username apparently.