In my Spring Boot project, I am trying to implement CSRF security. In particular, the project only calls endpoints (REST API GET and POST) through RestTemplate.
//CONTROLLER
@GetMapping("/RT_Get1")
public void getWithRestTemplateGet1() throws Exception {
    try {
        fourStoreService.getWithRestTemplateGet1();
    } catch (final Exception e) {
        this.errorLog(methodName, e);
        throw e;
    }
}
//SERVICE
@ResponseBody
public void getWithRestTemplateGet1() {
    try {
        String url = protocol + ip + root + gets.get(0);
        // Outbound request authenticated with HTTP Basic credentials
        HttpHeaders headers = new HttpHeaders();
        headers.setBasicAuth(username, password);
        HttpEntity<Void> request = new HttpEntity<>(headers);
        try {
            // Use the self-signed-certificate template only for https URLs
            if (url.startsWith("https")) {
                restTemplate = getRestTemplateForSelfSsl();
            } else {
                restTemplate = new RestTemplate();
            }
            ResponseEntity<String> response = restTemplate.exchange(url, HttpMethod.GET, request, String.class);
            HttpStatus statusCode = response.getStatusCode();
            logger.info("STATUS GET1: " + statusCode);
        } catch (HttpStatusCodeException e) {
            // 4xx/5xx responses from the remote endpoint end up here
            logger.error(e.getMessage());
        }
    } catch (Exception e) {
        logger.error(e.getMessage());
    }
}
I implemented the following CSRF configuration class:
public class CSRFSecurityConfiguration extends WebSecurityConfigurerAdapter {
    // The placeholder must match the key path in application.yml (security.enable.csrf)
    @Value("${security.enable.csrf}")
    private boolean csrfEnabled;

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().withUser("user").password("{noop}password").roles("USER");
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/**").hasAnyRole("USER").and().formLogin().loginPage("/login")
                .permitAll();
        // CSRF protection is on by default; switch it off only when the flag is false
        if (!csrfEnabled) {
            http.csrf().disable();
        }
    }
}
The variable for enabling and disabling it is set in application.yml.
security:
  enable:
    csrf: false
But how do I know whether CSRF security is working... What kind of logging can I add when I make calls with RestTemplate? Please help me.
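One way to check whether the CSRF filter is active, as an added example that is not part of the original post: a MockMvc test that sends POST requests with and without a token. Spring Security's CSRF check applies to state-changing requests arriving at this application, not to GET requests and not to outbound RestTemplate calls. The test class name and the path /RT_Post1 are hypothetical, and the test assumes spring-boot-starter-test and spring-security-test with JUnit 5.

```java
// Added example, not code from the original post. Assumes CSRF protection is
// active, i.e. http.csrf().disable() was not called for this run.
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotEquals;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;

import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.RequestBuilder;

@SpringBootTest
@AutoConfigureMockMvc
@WithMockUser(roles = "USER") // satisfies hasAnyRole("USER") from the configuration
class CsrfProtectionTest {

    // Hypothetical path: the CSRF filter runs before request mapping, so the
    // endpoint does not have to exist for the check to be exercised.
    private static final String POST_PATH = "/RT_Post1";

    @Autowired
    private MockMvc mvc;

    private int statusOf(RequestBuilder request) throws Exception {
        return mvc.perform(request).andReturn().getResponse().getStatus();
    }

    @Test
    void postWithoutTokenIsRejected() throws Exception {
        assertEquals(403, statusOf(post(POST_PATH)));
    }

    @Test
    void postWithInvalidTokenIsRejected() throws Exception {
        assertEquals(403, statusOf(post(POST_PATH).with(csrf().useInvalidToken())));
    }

    @Test
    void postWithValidTokenPassesTheCsrfFilter() throws Exception {
        // Any status except 403 is acceptable here (404 or 405 for the hypothetical path)
        assertNotEquals(403, statusOf(post(POST_PATH).with(csrf())));
    }
}
```

For log output, setting `logging.level.org.springframework.security=DEBUG` makes Spring Security's `CsrfFilter` report rejected requests with a message starting "Invalid CSRF token found for".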