没有Spring Security 的spring boot web api出现错误403

83qze16e  于 2021-07-03  发布在  Java
关注(0)|答案(1)|浏览(424)

我正在用以下pom配置构建一个基于springboot的webapi

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.4.0</version>
        <relativePath />
    </parent>

    <properties>
        <!-- Required section -->
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
        <maven.compiler.target>8</maven.compiler.target>
        <maven.compiler.source>8</maven.compiler.source>
        <java.version>1.8</java.version>
        <java-platform-sdk.version>0.5</java-platform-sdk.version>
        <springdoc.openapi.version>1.4.2</springdoc.openapi.version>
        <springdoc.openapi.maven.plugin.version>1.0</springdoc.openapi.maven.plugin.version>
        <spring.boot.maven.plugin.version>2.1.10.RELEASE</spring.boot.maven.plugin.version>
        <sonar.language>java</sonar.language>
        <sonar.java.coveragePlugin>jacoco</sonar.java.coveragePlugin>
        <sonar.dynamicAnalysis>reuseReports</sonar.dynamicAnalysis>
        <jacoco.version>0.8.3</jacoco.version>
        <sonar.coverage.jacoco.xmlReportPaths>target/jacoco-ut/jacoco.xml</sonar.coverage.jacoco.xmlReportPaths>
        <sonar.host.url>http://10.151.9.50:9000</sonar.host.url>
        <sonar.login>admin</sonar.login>
        <sonar.password>admin</sonar.password>
        <argLine></argLine>
        <!-- /Required section -->
    </properties>

    <dependencies>
        <!-- Required section -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-webflux</artifactId>
            <exclusions>
                <exclusion>
                    <groupId>org.springframework.boot</groupId>
                    <artifactId>spring-boot-starter-logging</artifactId>
                </exclusion>
            </exclusions>
        </dependency>

        <dependency>
            <groupId>org.springframework.retry</groupId>
            <artifactId>spring-retry</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-neo4j</artifactId>
        </dependency>

        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <version>1.18.12</version>
            <scope>provided</scope>
        </dependency>

        <!-- Test -->
        <dependency>
            <groupId>org.junit.vintage</groupId>
            <artifactId>junit-vintage-engine</artifactId>
            <scope>test</scope>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>

        <dependency>
            <groupId>io.projectreactor</groupId>
            <artifactId>reactor-test</artifactId>
            <scope>test</scope>
        </dependency>

        <!-- Log -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-log4j2</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springdoc</groupId>
            <artifactId>springdoc-openapi-webflux-ui</artifactId>
            <version>${springdoc.openapi.version}</version>
        </dependency>

    </dependencies>

    <repositories>
        <!-- Required section -->
        <repository>
            <id>central</id>
            <name>Maven Central</name>
            <url>https://repo1.maven.org/maven2/</url>
        </repository>
        <repository>
            <id>spring-releases</id>
            <name>Spring Releases</name>
            <url>https://repo.spring.io/libs-release</url>
        </repository>
        <repository>
            <id>neo4j</id>
            <name>Neo4j</name>
            <url>http://m2.neo4j.org/</url>
        </repository>
        <!-- /Required section -->
    </repositories>

    <build>
        <plugins>
            <!-- Required section -->
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
                <version>${spring.boot.maven.plugin.version}</version>
                <executions>
                    <execution>
                        <id>pre-integration-test</id>
                        <goals>
                            <goal>start</goal>
                        </goals>
                    </execution>
                    <execution>
                        <id>post-integration-test</id>
                        <goals>
                            <goal>stop</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>
            <plugin>
                <groupId>org.springdoc</groupId>
                <artifactId>springdoc-openapi-maven-plugin</artifactId>
                <version>${springdoc.openapi.maven.plugin.version}</version>
                <executions>
                    <execution>
                        <id>integration-test</id>
                        <goals>
                            <goal>generate</goal>
                        </goals>
                    </execution>
                </executions>
                <configuration>
                    <apiDocsUrl>http://localhost:8080/api-docs</apiDocsUrl>
                    <outputFileName>swagger.json</outputFileName>
                    <outputDir>${project.basedir}/../../infrastructure/platform/api</outputDir>
                </configuration>
            </plugin>
            <!-- /Required section -->
        </plugins>
    </build>

</project>

我建立了verious控制器,但当我tr调用他们的方法,这是不是http得到我得到一个403错误,在网上看,似乎这个问题源于csrf保护,但我不明白的是,为什么这个保护是启用我的项目,如果我没有导入spring引导安全。这个链接甚至提供了一个过程来禁用这个不需要的保护,但在多次尝试之后,我明白,要遵循这个过程,你必须将整个spring引导安全性导入到你的项目中,否则你会得到一个运行时错误,否则这些设置将被忽略,但我发现奇怪的是,我必须导入一大块我想知道是否有更好的方法来做到这一点,或者我在pom.xml上犯了一个错误,因为我发现导入一个hevay框架块,然后禁用它的所有内容是不合法的。

m2xkgtsf

m2xkgtsf1#

您的应用程序中似乎启用了Spring Security ,您的构建路径中可能有spring安全jar。您可以从构建路径中排除springsecurityjar,也可以尝试下面的config类来查看这是否有效
@Configuration 公共类securityconfig扩展了WebSecurityConfigureAdapter{

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable().authorizeRequests().anyRequest().permitAll();
}

}

相关问题