Spring Security 405不支持POST方法,尽管在表单中发送CSRF令牌

yr9zkbsy  于 2023-11-19  发布在  Spring
关注(0)|答案(1)|浏览(163)

version:spring Boot 3.15当我向后端提交我的用户名和密码时,它总是得到一个405响应,就像这样enter image description here但是,首先,控制器是Post,表单方法也是Post

@Controller
public class LoginController {
    @GetMapping("/login")
    public String login() {
        return "login";
    }

    @GetMapping("/success")
    public String success() {
        return "success";
    }

    @GetMapping("/error")
    public String error() {
        return "error";
    }

    @Autowired
    AuthenticationManager authenticationManager;

    @PostMapping("/doLogin")
    public void doLogin(@RequestBody User user){
        Authentication authenticationRequest =
                UsernamePasswordAuthenticationToken.
                        unauthenticated(user.username(), user.password());
        Authentication authenticationResponse =
                this.authenticationManager.authenticate(authenticationRequest);
    }

    public record User(String username, String password){

    }
}

字符串
这是形式

<!DOCTYPE html>
<!--<%@ taglib uri="http://www.springframework.org/tags/form" prefix="f"%>-->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <title>Please Log In</title>
</head>
<body>
<h1>Please Log In</h1>
<div th:if="${param.error}">
    Invalid username and password.</div>
<div th:if="${param.logout}">
    You have been logged out.</div>
<form th:action="@{/doLogin}" method="post">
<!--    <input type="hidden"  th:name="${_csrf.parameterName}" th:value="${_csrf.token}"/>-->
    <div>
        <input type="text" name="username" placeholder="Username"/>
    </div>
    <div>
        <input type="password" name="password" placeholder="Password"/>
    </div>
    <input type="submit" value="Log in" />
</form>
</body>
</html>


其次,csrf存在。enter image description here最后,这是我的配置

@EnableWebSecurity
@Configuration
public class SecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
//        http.csrf((csrf) -> csrf.disable());
        http
                .authorizeHttpRequests((authorize) -> authorize
                        .requestMatchers("/login","/doLogin").permitAll()
                        .anyRequest().authenticated()
                );

        http
                .formLogin(form -> form
                        .loginPage("/login")
                        .loginProcessingUrl("/doLogin")
                        .successForwardUrl("/success")
                        .permitAll()
                );
        return http.build();
    }

    @Bean
    public UserDetailsService userDetailsService() {
        UserDetails userDetails = User.withDefaultPasswordEncoder()
                .username("123456")
                .password("123456")
                .roles("USER")
                .build();

        return new InMemoryUserDetailsManager(userDetails);
    }

    @Bean
    public AuthenticationManager authenticationManager(
            UserDetailsService userDetailsService)
            {
        DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();

        authenticationProvider.setUserDetailsService(userDetailsService);

        ProviderManager providerManager = new ProviderManager(authenticationProvider);

        return providerManager;
    }
}


这个问题困扰了我好几天,我不知道如何解决它。

qjp7pelc

qjp7pelc1#

因为你的http.formLogin配置了successForwardUrl(“/success”),当doLogin认证成功时,你会被转发到成功页面,但是请求方法是GET,所以405会appear.you可以使用@RequestMapping("/success")

相关问题