我有一个Spring WebFlux安全如下,并希望使用属性控制CSRF。我如何在这里添加单独的CSRF检查?
@Bean
public SecurityWebFilterChain securitygWebFilterChain(ServerHttpSecurity http) {
return http.authorizeExchange().matchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
//.pathMatchers("/register", "/login").permitAll()
.anyExchange().authenticated()
.and().formLogin()
.securityContextRepository(securityContextRepository())
.and()
.exceptionHandling()
.accessDeniedHandler(new HttpStatusServerAccessDeniedHandler(HttpStatus.BAD_REQUEST))
.and().csrf().disable()
.build();
}
您只需添加如下内容:
// All your stuff up here then
if(!csrfEnabled) {
http.csrf().disable();
}
return http.build();