error: “Forbidden“ message: “Forbidden“

错误信息截图:

原因:

ajax请求中没有添加 csrf token参数

解决:

1 关闭跨站请求

package com.example.demo.Config;import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {@Overrideprotected void configure(HttpSecurity http) throws Exception {http.authorizeRequests().antMatchers("/","/home","/css/**","/js/**","/img/**").permitAll().anyRequest().authenticated().and().formLogin().loginPage("/login").permitAll().and().logout().permitAll().and().csrf().disable();}@Bean@Overridepublic UserDetailsService userDetailsService() {UserDetails user =User.withDefaultPasswordEncoder().username("user").password("password").roles("USER").build();return new InMemoryUserDetailsManager(user);}
}

2 在ajax请求头部添加上csrf _token

页面头部

<html>
<head> <meta  name = “_csrf” content = “${_csrf.token}” /> <!-- 默认标题名称是X-CSRF-TOKEN  --> <meta  name = “_csrf_header”  content = “${_csrf.headerName}” />
</ head>

var token = $("meta[name='_csrf']").attr("content");
var header = $("meta[name='_csrf_header']").attr("content");
$.ajax({url:url,type:'POST',async:false,dataType:'json',    //返回的数据格式：json/xml/html/script/jsonp/textbeforeSend: function(xhr) {xhr.setRequestHeader(header, token);  //发送请求前将csrfToken设置到请求头中},success:function(data,textStatus,jqXHR){}
});

3 如果form表单的话可以添加一个隐藏域

 <input type = “hidden" name = “${_csrf.parameterName}" value = “${_csrf.token}" />

error: “Forbidden“ message: “Forbidden“相关推荐

Error from server (Forbidden): Forbidden (user=system:anonymous, verb=get, resource=nodes, subresour
报错 Error from server (Forbidden): Forbidden (user=system:anonymous, verb=get, resource=nodes, subres ...
Error from server (Forbidden): Forbidden (user=system:anonymous...)
1.报错信息如下: Error from server (Forbidden): Forbidden (user=system:anonymous, verb=get, resource=nodes, ...
Transport (VMDB) error -44: Message
关于点击电源按钮的时候出现了这情况Transport (VMDB) error -44: Message. 虚拟机有个服务没开.开始菜单--运行--services.msc 回车找到VMw ...
error: [FabricCAClientService.js]: Failed to enroll admin, error:%o message=Calling enroll endpoint
参考文章:Failed to enroll admin 1.执行fabcar示例程序时,node enrollAdmin.js报错: error: [FabricCAClientService.js] ...
cas单点注销失败Error Sending message to url endpoint
最近在做cas单点登录时,由于是单点登录.必然会涉及到单点注销,然而在做单点注销时由于对cas注销机制不了解加之测试条件所致,所有测试都是在本机下完成(机器性能较低,没用虚拟机):导致折腾了很久.网上 ...
解决 Moveit中error: Trajectory message contains waypoints that are not strictly increasing in time
最近在复现一个多路点,利用Moveit(python)下的笛卡尔运动规划进行UR5机械臂的控制实验. 在多路点运动规划时,可以进行多点规划,但是在执行时,会出现报错的情况,总体来看是可以规划,但是不能 ...
Fatal message conversion error； message rejected； it will be dropped or routed to
最近项目中,消费端在消费MQ队列中的消息中报错:Fatal message conversion error; message rejected; it will be dropped or rout ...
Fatal message conversion error；message rejected；it will be dropped or routed to a dead letter exchan
在使用rabbitmq的时候出现消息反序列化失败,如下异常: Fatal message conversion error; message rejected; it will be dropped ...
VMware “Transport(VMDB)error -44:Message”
这种情况说明虚拟机的一个服务没有开启,在本机中找到服务: 1. "打开运行"-"services.msc"回车. 2. 找到VMware Authorizati ...

error: “Forbidden“ message: “Forbidden“

error: “Forbidden“ message: “Forbidden“相关推荐

最新文章

热门文章