Spring Boot与Spring Security整合后无法上传图片403

100 阅读 0 评论 66 点赞

我是靠谱客的博主大意花卷，这篇文章主要介绍Spring Boot与Spring Security整合后无法上传图片403，现在分享给大家，希望可以做个参考。

查阅资料发现：Spring Boot与Spring Security整合后，不仅仅只是无法上传图片，只要是post请求，就会出现403拒绝访问

首先：403错误，表示资源不可用。服务器理解客户的请求，但拒绝处理它，通常由于服务器上文件或目录的权限设置导致的WEB访问错误。

了解了错误后，大概就是我用户权限不够吧。当我登录以后，以admin权限去操作post还是一样的错误。

于是去configure方法中找，看看是不是可以设置接收post操作：

复制代码

package cn.wzz.web;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true) //开启security注解
public class WebSecurityConfig extends WebSecurityConfigurerAdapter{
@Bean
@Override
protected AuthenticationManager authenticationManager() throws Exception {
return super.authenticationManager();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
//允许所有用户访问"/"和"/uploadFile"
.antMatchers("/uploadFile").permitAll()
//其他地址的访问均需验证权限
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
//指定登录页是"/login"
.defaultSuccessUrl("/list")
//登录成功后默认跳转到"list"
.permitAll()
.and()
.logout()
.logoutSuccessUrl("/home")
//退出登录后的默认url是"/home"
.permitAll();
}
@Override
public void configure(WebSecurity web) throws Exception {
//解决静态资源被拦截的问题
web.ignoring().antMatchers("/static/**");
}
}

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
package cn.wzz.web;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true) //开启security注解
public class WebSecurityConfig extends WebSecurityConfigurerAdapter{
@Bean
@Override
protected AuthenticationManager authenticationManager() throws Exception {
return super.authenticationManager();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
//允许所有用户访问"/"和"/uploadFile"
.antMatchers("/uploadFile").permitAll()
//其他地址的访问均需验证权限
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
//指定登录页是"/login"
.defaultSuccessUrl("/list")
//登录成功后默认跳转到"list"
.permitAll()
.and()
.logout()
.logoutSuccessUrl("/home")
//退出登录后的默认url是"/home"
.permitAll();
}
@Override
public void configure(WebSecurity web) throws Exception {
//解决静态资源被拦截的问题
web.ignoring().antMatchers("/static/**");
}
}