• Spring Security: protection against cross-site request forgery (CSRF)


    Configuration in applicationContext-security.xml:

    <http use-expressions="true" disable-url-rewriting="false" entry-point-ref="loginUrlAuthenticationEntryPoint">
            <!-- <intercept-url pattern="/resources/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/> -->
            <intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY" />
            <intercept-url pattern="/logincheck" access="IS_AUTHENTICATED_ANONYMOUSLY" />
            <intercept-url pattern="/error/accessdenied*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
            <!-- <intercept-url pattern="/messagecode/getimagecode*" access="IS_AUTHENTICATED_ANONYMOUSLY"/> -->
            <!-- Cross-site request forgery (CSRF) protection -->
            <csrf />
            <access-denied-handler ref="accessDeniedHandler"/>

            <intercept-url pattern="/**" access="isAuthenticated()" />

            <session-management session-authentication-strategy-ref="sas" />
            <!-- Logout -->
            <logout invalidate-session="true" logout-success-url="/login" logout-url="/logout" />
            <!-- Login -->
            <custom-filter ref="loginAuthenticationFilter" position="FORM_LOGIN_FILTER" />

            <custom-filter ref="concurrencyFilter" position="CONCURRENT_SESSION_FILTER" />

            <custom-filter ref="mySecurityFilter" before="FILTER_SECURITY_INTERCEPTOR" />
            <!-- Switch WeChat official account -->
            <custom-filter ref="switchWxUserFilter" position="SWITCH_USER_FILTER" />

    </http>

    For details, see the CSRF section of the official Spring documentation.

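    When a Spring form:form is submitted, Spring automatically adds the anti-forgery token to the form. A file upload is equivalent to submitting the form twice, so the token has to be added manually once more.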
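An added example, not code from the original post, of adding the token by hand to a file-upload form: it puts the token in the action URL, where Spring Security's CSRF filter can read it without parsing the multipart body. The `/upload` endpoint, the `uploadForm` model attribute and the `file` field name are assumptions.

```jsp
<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>

<%-- Assumed names: /upload (controller mapping), uploadForm (model attribute),
     file (multipart field). None of them come from the original post. --%>

<%-- The CSRF filter looks for the token in a request header or a request
     parameter. For a multipart/form-data POST the body has not been parsed
     when the filter runs, so a hidden field inside the body is not visible
     to it. Carrying the token as a query parameter on the action URL makes
     it readable before multipart parsing. c:url also URL-encodes the
     parameter name and value and prepends the context path. --%>
<c:url var="uploadUrl" value="/upload">
    <c:param name="${_csrf.parameterName}" value="${_csrf.token}" />
</c:url>

<form:form action="${uploadUrl}" method="post"
           enctype="multipart/form-data" modelAttribute="uploadForm">
    <input type="file" name="file" />
    <input type="submit" value="Upload" />
</form:form>
```

A token carried in the query string can end up in access logs and Referer headers. The alternative described in the Spring Security reference is to register Spring's `MultipartFilter` ahead of `springSecurityFilterChain` in web.xml, which lets the token stay in the request body.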

  • Original article: https://www.cnblogs.com/guoziyi/p/6008604.html