0

我试图在 Spring 中禁用 Spring 安全性可以使用此配置:

@SpringBootApplication(scanBasePackages = { ...... },
        exclude = SecurityAutoConfiguration.class)
public class Application {

    public static void main(final String[] args)
    {
        SpringApplication.run(Application.class, args);
    }
}

当我提出请求时,我得到:An expected CSRF token cannot be found

并提示我得到:

01:14:35.799 [boundedElastic-1] DEBUG DefaultWebSessionManager[lambda$createWebSession$3:94] - Created new WebSession. 01:14:35.862 [boundedElastic-1] DEBUG HttpWebHandlerAdapter[traceDebug:91] - [375ab2a1] Completed 403 FORBIDDEN

你知道最新的 Spring Cloud 如何禁用 Spring Security 吗?

4

1 回答 1

0

您可以使用属性文件禁用它: security.enable.csrf=false

或者:

csrf您可以通过扩展WebSecurityConfigurerAdapter类和覆盖configure方法来禁用。请参阅此 spring 文档

@EnableWebSecurity
@Configuration
public class WebSecurityConfig extends
   WebSecurityConfigurerAdapter {

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http
      .csrf().disable();
  }
}
于 2021-05-01T23:23:31.343 回答