我正在尝试在vaadin应用程序中实现春季安全性,但是我有问题,在登录页面后,它向我显示了一个错误:
{"状态":403,"错误":"禁止","消息":"无法验证 提供CSRF令牌,因为找不到您的会话。","路径":"/"}
我正在尝试很多事情,但它们都没有起作用,这是我的标准安全配置类:
//SecurityConfig.java
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user")
.password("password")
.roles("USER");
}
}
控制器类:
//HomeController.java
@RestController
public class HomeController {
@GetMapping("/")
public String index() {
return "Welcome to the home page!";
}
@GetMapping("/error")
public String error(){
return "Error!";
}
}
和vaadin UI类
//VaadinUI.java
@SpringUI
public class VaadinUI extends UI {
VerticalLayout layout = new VerticalLayout();
com.vaadin.ui.Label label = new com.vaadin.ui.Label("Witaj");
@Autowired
public VaadinUI() {}
@Override
protected void init(VaadinRequest request) {
setContent(layout);
layout.addComponent(label);
}
}
和我的pom.xml
//pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>example.com</groupId>
<artifactId>LDAPSpringInitializr</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>
<name>LDAPSpringInitializr</name>
<description>Demo project for Spring Boot</description>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.5.3.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
<vaadin.version>8.0.5</vaadin.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-ldap</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>com.vaadin</groupId>
<artifactId>vaadin-spring-boot-starter</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>com.vaadin</groupId>
<artifactId>vaadin-bom</artifactId>
<version>${vaadin.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
如何将vaadin与弹簧安全性使用?我想稍后将弹簧安全与LDAP连接。
我对vaadin并不那么熟悉,但是这篇文章https://vaadin.com/blog/-/blogs/filter-suet-s-spring-spring-security-security-in-in-vaadin-applications建议Vaadin已经提供了CSRF保护,因此您可以在春季通过
将其禁用@Override
protected void configure(final HttpSecurity httpSecurity) throws Exception {
httpSecurity.csrf().disable();
}
在您的SecurityConfig中。