POST request problem in a Spring Boot 3 / Spring Security 6 Vaadin 24 application

holgip5t  posted on 2023-11-16 in Spring

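I have a Vaadin application that I am trying to upgrade from Vaadin 14 to 24, which brings along an upgrade from Spring Security 5/Spring Boot 2 to Spring Security 6 and Spring Boot 3.
I have run into a problem with a route that has an @AnonymousAllowed annotation and accepts an x-www-urlencoded parameter containing a JSON structure.
I added a CommonsRequestLoggingFilter to dump the request to the log file, and I can see that it is reaching the application.
The parameter reaches the application, and the logger records payload = payRequest = JSON structure.
The next line of the log says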

FilterChainProxy.doFilterInternal - Securing GET /?v-r=init&location=payments-list%2Fexternal-api&query=

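It looks like the parameter (payRequest) has disappeared. When the request is correctly routed to the Vaadin view, there are no parameters in the request. It looks like it has been converted to a GET with no parameters.
I am getting to the right place in my application, but I seem to have lost the parameter from my POST request along the way.
I would appreciate any suggestions as to what might be happening. All of this works perfectly in Vaadin 14.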

27-11:58:47.616 [https-jsse-nio-8443-exec-24] DEBUG o.s.w.f.CommonsRequestLoggingFilter.beforeRequest - Before request [POST /wbcarpv24sb-2.0.0/payments-list/external-api, client=x.x.x.x]
27-11:58:47.616 [https-jsse-nio-8443-exec-24] DEBUG o.s.w.s.DispatcherServlet.traceDebug - POST "/wbcarpv24sb-2.0.0/payments-list/external-api", parameters={masked}
27-11:58:47.617 [https-jsse-nio-8443-exec-24] DEBUG c.v.f.s.VaadinServletConfiguration$RootExcludeHandler.getHandler - Mapped to org.springframework.web.servlet.mvc.ServletForwardingController@2a4e714f
27-11:58:47.637 [https-jsse-nio-8443-exec-24] DEBUG o.s.w.s.DispatcherServlet.logResult - Completed 200 OK
27-11:58:47.637 [https-jsse-nio-8443-exec-24] DEBUG o.s.w.f.CommonsRequestLoggingFilter.afterRequest - After request [POST /wbcarpv24sb-2.0.0/payments-list/external-api, client=192.x.x.x, session=FFBDDCFBFE7D5EDD3AE3EBECC9654604, payload=payRequest=%7B%22sid%22%3A%22000000%22%2C%22bu%22%3A%22MKCC%22%2C%22agentId%22%3A%22TestAgent%22%2C%22rurl%22%3A%22digest%22%3A%2266b09ea9e4bc8279a752db5b089e457f3a68a9ae50f776b38a6d842d314b4d4016bc83d734888c1318b9170aa061bbbd70654a1c67c9c42d47ad2a8d5f7f9940%22%7D]
27-11:58:47.703 [https-jsse-nio-8443-exec-27] DEBUG o.s.s.w.FilterChainProxy.doFilterInternal - Securing GET /?v-r=init&location=payments-list%2Fexternal-api&query=
........

c.S.a.u.c.u.v.x.l.MainLayout.afterNavigation - MainLayout - afterNavigation()payments-list/external-api
27-11:58:47.821 [https-jsse-nio-8443-exec-28] INFO  c.S.a.u.c.u.v.x.e.ExApiPaymentsList.afterNavigation - In Set Parameter method of payment list
27-11:58:47.821 [https-jsse-nio-8443-exec-28] INFO  c.S.a.u.c.u.v.x.e.ExApiPaymentsList.afterNavigation - Context Path/wbcarpv24sb-2.0.0
27-11:58:47.822 [https-jsse-nio-8443-exec-28] INFO  c.S.a.u.c.u.v.x.e.ExApiPaymentsList.afterNavigation - Heartbeat = 300
27-11:58:47.822 [https-jsse-nio-8443-exec-28] INFO  c.S.a.u.c.u.v.x.e.ExApiPaymentsList.afterNavigation - Production Mode  = true
27-11:58:47.822 [https-jsse-nio-8443-exec-28] INFO  c.S.a.u.c.u.v.x.e.ExApiPaymentsList.afterNavigation - Close Idle Sessions = false
27-11:58:47.822 [https-jsse-nio-8443-exec-28] INFO  c.S.a.u.c.u.v.x.e.ExApiPaymentsList.afterNavigation - Original Location = payments-list/external-api
27-11:58:47.822 [https-jsse-nio-8443-exec-28] INFO  c.S.a.u.c.u.v.x.e.ExApiPaymentsList.afterNavigation - queryParameters is NOT null ....
27-11:58:47.822 [https-jsse-nio-8443-exec-28] INFO  c.S.a.u.c.u.v.x.e.ExApiPaymentsList.afterNavigation - Query String =
27-11:58:47.822 [https-jsse-nio-8443-exec-28] INFO  c.S.a.u.c.u.v.x.e.ExApiPaymentsList.afterNavigation - parametersMap is NOT null .... 0
27-11:58:47.822 [https-jsse-nio-8443-exec-28] WARN  c.S.a.u.c.u.v.x.e.ExApiPaymentsList.afterNavigation - payRequest IS null

nuypyhwy1#

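Earlier today I ran into a similar problem with my Spring Boot application, and it turned out that Spring CSRF protection can cause problems with POST requests.

HttpSecurity.csrf(Customizer) pattern. Example code for the SecurityFilterChain in the SecurityConfig.java file: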

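import static org.springframework.security.config.Customizer.withDefaults;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class SecurityConfig {

    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        return http
                // Turns CSRF protection off for every request
                .csrf(httpSecurityCsrfConfigurer -> httpSecurityCsrfConfigurer.disable())
                .authorizeHttpRequests(auth -> {
                    // Paths reachable without authentication
                    auth.requestMatchers("/").permitAll();
                    auth.requestMatchers("/your_endpoint1").permitAll();
                    auth.requestMatchers("/your_endpoint2").permitAll();
                    // Everything else requires an authenticated user
                    auth.anyRequest().authenticated();
                })
                .httpBasic(withDefaults())
                .build();
    }
}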
