当我在服务器上部署我的应用程序时,第一次我可以毫无问题地登录。但是当我注销时,我在注销发布请求中收到“403 Forbidden”。然后我无法成功登录,因为我在登录请求上收到 403 错误。
Ctrl+F5,尝试再次登录......它可以工作,但只能一次。
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/apps", "/sites", "/users").authenticated()
.and()
.csrf()
.csrfTokenRepository(csrfTokenRepository())
.and()
.addFilterAfter(new CsrfHeaderFilter(), CsrfFilter.class);
}
private CsrfTokenRepository csrfTokenRepository() {
HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
repository.setHeaderName("X-XSRF-TOKEN");
return repository;
}
和 CsrfHeaderFilter 类:
public class CsrfHeaderFilter extends OncePerRequestFilter {
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
CsrfToken token = (CsrfToken) request.getAttribute(CsrfToken.class
.getName());
response.setHeader("X-CSRF-HEADER", token.getHeaderName());
response.setHeader("X-CSRF-PARAM", token.getParameterName());
response.setHeader("X-XSRF-TOKEN", token.getToken());
if (token != null) {
Cookie cookie = WebUtils.getCookie(request, "X-XSRF-TOKEN");
if (cookie == null || token != null && !token.equals(cookie.getValue())) {
cookie = new Cookie("X-XSRF-TOKEN", token.getToken());
cookie.setPath("/");
response.addCookie(cookie);
}
}
filterChain.doFilter(request, response);
}
和角度:
$httpProvider.defaults.xsrfHeaderName = 'X-XSRF-TOKEN';
如果重要的话,我的应用程序部署在 localhost:8080/myApp 上。