spring security 4 csrf 通过 xml 禁用 [英] spring security 4 csrf disable via xml

问题描述

有没有办法通过 XML 配置在 Spring Security 中禁用 CSRF 令牌?我在网上只看到 java 配置..可以基于 xml 的例子.使用 spring 框架 4.0

Is there a way to disable CSRF token in spring security via XML configuration? I see only java configuration online..can xml based examples. Using spring framework 4.0

推荐答案

从 Spring Security 4.0 开始，CSRF 保护默认启用XML 配置.如果您想禁用 CSRF 保护，对应的 XML 配置见下图.

As of Spring Security 4.0, CSRF protection is enabled by default with XML configuration. If you would like to disable CSRF protection, the corresponding XML configuration can be seen below.

<http>
  <!-- ... -->
  <csrf disabled="true"/>
</http>

Java 配置默认启用 CSRF 保护.如果你想禁用CSRF，对应Java配置即可见下文.有关其他信息，请参阅 csrf() 的 Javadoc自定义 CSRF 保护的配置方式.

CSRF protection is enabled by default with Java configuration. If you would like to disable CSRF, the corresponding Java configuration can be seen below. Refer to the Javadoc of csrf() for additional customizations in how CSRF protection is configured.

@EnableWebSecurity
public class WebSecurityConfig extends
WebSecurityConfigurerAdapter {

@Override
protected void configure(HttpSecurity http) throws Exception {
  http
  .csrf().disable();
}
}

见下方链接http://docs.spring.io/spring-security/site/docs/4.0.x/reference/htmlsingle/#csrf-configure

这篇关于spring security 4 csrf 通过 xml 禁用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！