仅使用Spring Security CSRF功能 [英] Using just Spring Security CSRF feature
问题描述
我只想使用Spring Security的CSRF功能,而没有其他任何身份验证/授权功能,因为这些功能是由第三方提供商为我提供的。如果可以做到,我该如何告诉Spring不要寻找任何带有其依赖bean的身份验证管理器,而只是拦截所有URL,并添加csrf令牌。
I'd like to use just the Spring Security's CSRF feature without any of the other authentication/authorization features since those features are provided by a third party provider for me. If this can be done, how do I tell Spring not to look out for any authentication manager with its dependent beans and just intercept all URLs, and add the csrf token.
推荐答案
我通过进行以下更改/添加使CSRF功能正常运行。另外,我在jsp中使用了< form:form>
标记来利用Spring令牌的自动插入。
I got the CSRF feature working by making the following changes/additions. Also, I used the <form:form>
tag in my jsp to leverage the automatic insertion of the token by Spring.
个罐子:
spring-security-acl-4.0.0.RC1.jar
spring-security-config-4.0.0.RC1.jar
spring-security-core-4.0.0.RC1.jar
spring-security-taglibs-4.0.0.RC1.jar
spring-security-web-4.0.0.RC1.jar
web.xml添加项:
web.xml additions:
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
添加了新的Java文件:
New java file added:
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebSecurity
public class TgtWebSecurityConfigureAdapter extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().permitAll();
}
}
Marco-仅使用CSRF过滤器,工作。
Marco - With just the CSRF filter, it does not work.
这篇关于仅使用Spring Security CSRF功能的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!