Spring Boot 3.0 + Security 6 + WebFlux causes "An expected CSRF token cannot be found" in Postman

eqqqjvef  posted on 2022-11-29  in  Spring

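The following SecurityWebFilterChain works fine in Spring Boot 2.7.x, but does not work in Spring Boot 3.0.0. When calling the REST API in Postman, it only shows "An expected CSRF token cannot be found". Could you tell me how to fix this?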

@Bean
public SecurityWebFilterChain securitygWebFilterChain(ServerHttpSecurity http) {
    
    
    http
            .cors().disable()               
            .csrf().disable()
            
            .exceptionHandling()
            .authenticationEntryPoint((swe, e) -> 
                Mono.fromRunnable(() -> swe.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED))
            ).accessDeniedHandler((swe, e) -> 
                Mono.fromRunnable(() -> swe.getResponse().setStatusCode(HttpStatus.FORBIDDEN))
            )
            .and()
            .authenticationManager(authenticationManager)
            .securityContextRepository(securityContextRepository)
            .authorizeExchange(exchange -> exchange                                     
                    .pathMatchers(HttpMethod.OPTIONS).permitAll()
                    .pathMatchers("/login", "/register").permitAll()                        
                    .anyExchange().authenticated()
                    .and()
                    .cors().disable()
                    .csrf().disable()
            )
            .formLogin().disable()
            .httpBasic().disable()   
            ;
            
    return http.csrf(csrf -> csrf.disable()).build();
}

uqxowvwt1#

You can try
https://docs.spring.io/spring-security/reference/servlet/oauth2/resource-server/jwt.html
application.yml

spring:
  security:
    oauth2:
      resourceserver:
        jwt:
          issuer-uri: https://idp.example.com/issuer
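
The question's chain rewritten in the Spring Security 6 lambda style, as an added example that is not code from the question or the answer. It assumes the configuration class was missing `@Configuration` (the question does not show the class declaration): since Spring Security 6.0, `@EnableWebFluxSecurity` no longer includes it, so a chain bean that is never registered leaves the default chain, with CSRF protection enabled, in place. The class name `SecurityConfig` and the injected parameter types are assumptions.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.ReactiveAuthenticationManager;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.context.ServerSecurityContextRepository;
import reactor.core.publisher.Mono;

// Security 6.0 removed @Configuration from the @Enable* annotations, so both
// annotations are needed for the @Bean method below to be processed.
@Configuration
@EnableWebFluxSecurity
public class SecurityConfig { // hypothetical class name

    @Bean
    public SecurityWebFilterChain securityWebFilterChain(
            ServerHttpSecurity http,
            // Assumed bean types for the two fields used in the question.
            ReactiveAuthenticationManager authenticationManager,
            ServerSecurityContextRepository securityContextRepository) {
        return http
                // Disabled once, at the top level. Only appropriate when the API
                // does not authenticate browsers through cookies or sessions.
                .csrf(ServerHttpSecurity.CsrfSpec::disable)
                .cors(ServerHttpSecurity.CorsSpec::disable)
                .formLogin(ServerHttpSecurity.FormLoginSpec::disable)
                .httpBasic(ServerHttpSecurity.HttpBasicSpec::disable)
                .exceptionHandling(ex -> ex
                        // 401 for unauthenticated requests, 403 for denied ones.
                        .authenticationEntryPoint((swe, e) -> Mono.fromRunnable(
                                () -> swe.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED)))
                        .accessDeniedHandler((swe, e) -> Mono.fromRunnable(
                                () -> swe.getResponse().setStatusCode(HttpStatus.FORBIDDEN))))
                .authenticationManager(authenticationManager)
                .securityContextRepository(securityContextRepository)
                .authorizeExchange(exchange -> exchange
                        .pathMatchers(HttpMethod.OPTIONS).permitAll()
                        .pathMatchers("/login", "/register").permitAll()
                        .anyExchange().authenticated())
                .build();
    }
}
```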
