spring-security-csrf
阿新 • • 發佈:2021-06-24
README.md
# adapa-security ### 1. Introduction **adapa-security**是基於spring-security實現的安全驗證元件。 ### 2. QuickStart #### pom.xml ```xml <dependency> <groupId>com.adapa.security</groupId> <artifactId>adapa-security</artifactId> <version>1.1.3</version> </dependency> ``` ###3. adapa-security 配置項清單 ```yaml ``` #### 3.1 說明 ##### 3.1.1 啟用 security adapa-security 目前主要是用於實現 CSRF安全驗證,其它使用者身份驗證相關功能暫未實現,使用時需關閉其它驗證功能,只開啟CSRF驗證,配置如下: ``` http.cors() .and() .authorizeRequests() .anyRequest() .permitAll() //.accessDecisionManager(null) .and() .formLogin() .permitAll() .and() .logout() .permitAll() .and() .csrf()//.disable() //關閉CSRF .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()) ```
POM.XML
<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <parent> <artifactId>adapa</artifactId> <groupId>com.adapa.security</groupId> <version>1.1.6.2-SNAPSHOT</version> <relativePath>../pom.xml</relativePath> </parent> <modelVersion>4.0.0</modelVersion> <groupId>com.adapa.security</groupId> <artifactId>adapa-security</artifactId> <version>${adapa.version}</version> <dependencies> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> <dependency> <groupId>com.google.guava</groupId> <artifactId>guava</artifactId> </dependency> <dependency> <groupId>org.projectlombok</groupId> <artifactId>lombok</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> <scope>compile</scope> <exclusions> <exclusion> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-logging</artifactId> </exclusion> <exclusion> <artifactId>jackson-databind</artifactId> <groupId>com.fasterxml.jackson.core</groupId> </exclusion> <exclusion> <groupId>javax.annotation</groupId> <artifactId>javax.annotation-api</artifactId> </exclusion> <exclusion> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-core</artifactId> </exclusion> <exclusion> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-annotations</artifactId> </exclusion> </exclusions> </dependency> </dependencies> </project>