  • Spring Security 防范跨站请求伪造(CSRF)攻击

    applicationContext-security.xml中配置

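     <!-- Web security filter chain for the application.
          Every bean named by a ref="..." attribute is defined outside this snippet. -->
     <http use-expressions="true" disable-url-rewriting="false" entry-point-ref="loginUrlAuthenticationEntryPoint">
         <!-- NOTE(review): disable-url-rewriting="false" lets the container append
              ;jsessionid=... to URLs. Session ids in URLs can end up in access logs,
              browser history and Referer headers; set it to "true" unless cookie-less
              clients really have to be supported. -->

         <!-- Publicly reachable endpoints. Because use-expressions="true", each access
              attribute is evaluated as a SpEL expression. The legacy voter token
              IS_AUTHENTICATED_ANONYMOUSLY is not an expression and fails at evaluation
              time, so the equivalent expression permitAll is used instead. -->
         <!-- <intercept-url pattern="/resources/**" access="permitAll"/> -->
         <intercept-url pattern="/login" access="permitAll" />
         <intercept-url pattern="/logincheck" access="permitAll" />
         <intercept-url pattern="/error/accessdenied*" access="permitAll" />
         <!-- <intercept-url pattern="/messagecode/getimagecode*" access="permitAll"/> -->

         <!-- Cross-site request forgery (CSRF) protection. State-changing requests
              (POST, PUT, DELETE, ...) must carry a valid token. The CSRF filter runs
              earlier in the chain than FORM_LOGIN_FILTER, so the login POST handled by
              loginAuthenticationFilter needs the token as well. -->
         <csrf />
         <!-- Handles authorization failures. Requests rejected for a missing or invalid
              CSRF token are also routed here. -->
         <access-denied-handler ref="accessDeniedHandler"/>

         <!-- Catch-all rule: anything not matched above requires an authenticated user.
              Rules are matched in document order, so this one must stay last. -->
         <intercept-url pattern="/**" access="isAuthenticated()" />

         <!-- Session authentication strategy bean "sas" is not shown here.
              NOTE(review): confirm that it includes session-fixation protection. -->
         <session-management session-authentication-strategy-ref="sas" />
         <!-- Logout: invalidates the HTTP session and redirects to /login. With <csrf />
              enabled, /logout is only processed for a POST carrying a valid CSRF token;
              a plain GET link will not log the user out. -->
         <logout invalidate-session="true" logout-success-url="/login" logout-url="/logout" />
         <!-- Login: custom authentication filter in place of the default form-login filter. -->
         <custom-filter ref="loginAuthenticationFilter" position="FORM_LOGIN_FILTER" />

         <!-- Concurrent-session control filter. -->
         <custom-filter ref="concurrencyFilter" position="CONCURRENT_SESSION_FILTER" />

         <!-- Custom filter that runs just before the standard security interceptor. -->
         <custom-filter ref="mySecurityFilter" before="FILTER_SECURITY_INTERCEPTOR" />
         <!-- Switch WeChat official account.
              NOTE(review): this occupies the switch-user position; verify that the
              filter checks the caller is allowed to switch to the requested account. -->
         <custom-filter ref="switchWxUserFilter" position="SWITCH_USER_FILTER" />

     </http>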

    详细说明可查阅 Spring Security 官方文档中的 CSRF 章节。

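    使用 Spring 的 form:form 标签时,点击提交时 Spring 会自动为表单加上防伪令牌(隐藏的 _csrf 字段)。上传文件时相当于提交两次 form 表单,因此还需手动再加一次令牌。注意:上传文件的表单使用 multipart/form-data,令牌位于请求体中,只有把 MultipartFilter 配置在 springSecurityFilterChain 之前,CSRF 过滤器才能读到它;如果改为把令牌拼在 action 的 URL 上,令牌可能被写入访问日志或通过 Referer 泄露。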

  • 原文地址:https://www.cnblogs.com/guoziyi/p/6008604.html