中文字幕av专区_日韩电影在线播放_精品国产精品久久一区免费式_av在线免费观看网站

溫馨提示×

溫馨提示×

您好,登錄后才能下訂單哦!

密碼登錄×
登錄注冊×
其他方式登錄
點擊 登錄注冊 即表示同意《億速云用戶服務條款》

springboot 訪問上傳頁面因csrf出現403的問題

發布時間:2020-08-07 02:25:58 來源:ITPUB博客 閱讀:336 作者:flzhang 欄目:編程語言


@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    private Logger logger = LoggerFactory.getLogger(this.getClass());

    @Autowired
    MemDetailsService memDetailsService;


    @Autowired
    SimpleLoginSuccessHandler simpleLoginSuccessHandler;


    @Override
    //WebSecurity:For example, if you wish to ignore certain requests.
    //用于配置類似防火墻,放行某些URL。
    public void configure(WebSecurity web) throws Exception {
        // 設置不攔截規則
        //web.ignoring().antMatchers("/js/**", "/css/**", "/images/**", "/**/favicon.ico", "/swagger*/**", "/image/**", "/webjars/**","/v2/**");
        web.ignoring().antMatchers("/js/**", "/css/**", "/images/**", "/**/favicon.ico", "/image/**");
    }

    @Override
    //HttpSecurity:一般用它來具體控制權限,角色,url等安全的東西。
    protected void configure(HttpSecurity http) throws Exception {
        // 設置CSRF規則
        http.csrf().requireCsrfProtectionMatcher(new SimpleCsrfSecurityRequestMatcher()).and().
                // 設置攔截規則
                        authorizeRequests()
                .antMatchers("/api/**", "/index", "/updateIndex.html", "/browserIndex.html", "/policy-zcff.html", "/policy-hydj.html", "/policy-jf.html", "/policy-card.html", "/faq.html", "/cm/satCm01Init", "/cm/satCm01List", "/faq/satFaq01", "/logout", "/loginSso", "/bulterservice.html", "/verifySso").permitAll()
                .antMatchers("/autoconfig/**", "/beans/**", "/configprops/**", "/dump/**", "/env/**", "/health/**", "/info/**", "/metrics/**", "/mappings/**", "/shutdown/**", "/trace/**").access("hasRole('ADMIN')")
                .anyRequest().authenticated()
                .and().formLogin().loginPage("/login").usernameParameter("saID").passwordParameter("password").permitAll().defaultSuccessUrl("/home", true).failureForwardUrl("/index").successHandler(simpleLoginSuccessHandler)
                .and().logout().logoutUrl("/logout").logoutSuccessUrl("/index")
                .and().exceptionHandling().accessDeniedPage("/logout")
                .and().sessionManagement().maximumSessions(1).expiredUrl("/index");
    }

    @Override
    //用于配置Authentication,比如LDAP, Database連接,以及用戶和角色的查詢方法。
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
        daoAuthenticationProvider.setHideUserNotFoundExceptions(false);
        daoAuthenticationProvider.setUserDetailsService(memDetailsService);


        auth.authenticationProvider(daoAuthenticationProvider);
        //auth.userDetailsService(memDetailsService);
        //.passwordEncoder(new BCryptPasswordEncoder())
    }
}

要解決403訪問權限問題 必須加http.csrf().requireCsrfProtectionMatcher(new SimpleCsrfSecurityRequestMatcher()
要把上傳頁面URL過濾掉才能解決403
SimpleCsrfSecurityRequestMatcher具體實現

public class SimpleCsrfSecurityRequestMatcher implements RequestMatcher {

    private Logger logger = LoggerFactory.getLogger(this.getClass());

    private Pattern allowedMethods = Pattern
            .compile("^(GET|HEAD|TRACE|OPTIONS)$");


    @Override
    public boolean matches(HttpServletRequest request) {
        if (execludeUrls.size() > 0) {
            String servletPath = request.getServletPath();
            for (String url : execludeUrls) {
                if (servletPath.contains(url)) {
                    logger.debug("SimpleCsrfSecurityRequestMatcher排除的url:" + servletPath);
                    return false;
                }
            }
        }
        return !allowedMethods.matcher(request.getMethod()).matches();
    }

    /**
     * 需要排除的url列表
     */
    private final List execludeUrls = new ArrayList() {{
        add("/upload");
        add("/upload/uploadActivateAttachment");
        add("/buy02");
        add("/buy02/uploadActivationSel");

    }};
}

向AI問一下細節

免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。

AI

弋阳县| 尤溪县| 岳西县| 彭水| 宁安市| 石首市| 乌兰浩特市| 平安县| 阳山县| 炎陵县| 新干县| 广汉市| 泗洪县| 庄浪县| 邯郸县| 高平市| 台前县| 子洲县| 读书| 讷河市| 通河县| 徐闻县| 保山市| 山丹县| 曲水县| 揭东县| 齐齐哈尔市| 绍兴县| 汉中市| 德保县| 庆元县| 石柱| 临朐县| 成安县| 诸城市| 安吉县| 山丹县| 天门市| 德江县| 乌兰浩特市| 眉山市|