【Question title】: Error 403 on Spring Boot web API without Spring Security
【Posted】: 2021-03-11 06:22:20
【Question description】:

I am building a Spring Boot based web API with the following POM configuration

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.4.0</version>
        <relativePath />
    </parent>

    <properties>
        <!-- Required section -->
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
        <maven.compiler.target>8</maven.compiler.target>
        <maven.compiler.source>8</maven.compiler.source>
        <java.version>1.8</java.version>
        <java-platform-sdk.version>0.5</java-platform-sdk.version>
        <springdoc.openapi.version>1.4.2</springdoc.openapi.version>
        <springdoc.openapi.maven.plugin.version>1.0</springdoc.openapi.maven.plugin.version>
        <spring.boot.maven.plugin.version>2.1.10.RELEASE</spring.boot.maven.plugin.version>
        <sonar.language>java</sonar.language>
        <sonar.java.coveragePlugin>jacoco</sonar.java.coveragePlugin>
        <sonar.dynamicAnalysis>reuseReports</sonar.dynamicAnalysis>
        <jacoco.version>0.8.3</jacoco.version>
        <sonar.coverage.jacoco.xmlReportPaths>target/jacoco-ut/jacoco.xml</sonar.coverage.jacoco.xmlReportPaths>
        <sonar.host.url>http://10.151.9.50:9000</sonar.host.url>
        <sonar.login>admin</sonar.login>
        <sonar.password>admin</sonar.password>
        <argLine></argLine>
        <!-- /Required section -->
    </properties>

    <dependencies>
        <!-- Required section -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-webflux</artifactId>
            <exclusions>
                <exclusion>
                    <groupId>org.springframework.boot</groupId>
                    <artifactId>spring-boot-starter-logging</artifactId>
                </exclusion>
            </exclusions>
        </dependency>

        <dependency>
            <groupId>org.springframework.retry</groupId>
            <artifactId>spring-retry</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-neo4j</artifactId>
        </dependency>

        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <version>1.18.12</version>
            <scope>provided</scope>
        </dependency>

        <!-- Test -->
        <dependency>
            <groupId>org.junit.vintage</groupId>
            <artifactId>junit-vintage-engine</artifactId>
            <scope>test</scope>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>

        <dependency>
            <groupId>io.projectreactor</groupId>
            <artifactId>reactor-test</artifactId>
            <scope>test</scope>
        </dependency>

        <!-- Log -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-log4j2</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springdoc</groupId>
            <artifactId>springdoc-openapi-webflux-ui</artifactId>
            <version>${springdoc.openapi.version}</version>
        </dependency>

    </dependencies>

    <repositories>
        <!-- Required section -->
        <repository>
            <id>central</id>
            <name>Maven Central</name>
            <url>https://repo1.maven.org/maven2/</url>
        </repository>
        <repository>
            <id>spring-releases</id>
            <name>Spring Releases</name>
            <url>https://repo.spring.io/libs-release</url>
        </repository>
        <repository>
            <id>neo4j</id>
            <name>Neo4j</name>
            <url>http://m2.neo4j.org/</url>
        </repository>
        <!-- /Required section -->
    </repositories>

    <build>
        <plugins>
            <!-- Required section -->
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
                <version>${spring.boot.maven.plugin.version}</version>
                <executions>
                    <execution>
                        <id>pre-integration-test</id>
                        <goals>
                            <goal>start</goal>
                        </goals>
                    </execution>
                    <execution>
                        <id>post-integration-test</id>
                        <goals>
                            <goal>stop</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>
            <plugin>
                <groupId>org.springdoc</groupId>
                <artifactId>springdoc-openapi-maven-plugin</artifactId>
                <version>${springdoc.openapi.maven.plugin.version}</version>
                <executions>
                    <execution>
                        <id>integration-test</id>
                        <goals>
                            <goal>generate</goal>
                        </goals>
                    </execution>
                </executions>
                <configuration>
                    <apiDocsUrl>http://localhost:8080/api-docs</apiDocsUrl>
                    <outputFileName>swagger.json</outputFileName>
                    <outputDir>${project.basedir}/../../infrastructure/platform/api</outputDir>
                </configuration>
            </plugin>
            <!-- /Required section -->
        </plugins>
    </build>

</project>

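I have built some controllers that work very well, but when I call them with a method other than HTTP GET I get a 403 error. Looking online it seems that the problem stems from CSRF protection, but I don't understand why this protection would be enabled on my project if I have not imported Spring Boot Security. The link even gives a procedure for disabling this unwanted protection, but after many attempts I understood that to follow that procedure you have to import all of Spring Boot Security into your project, otherwise you get a runtime error or the settings are ignored. I find it strange that I have to import a large chunk of a framework just to disable an unwanted protection, and I wonder whether there is a better way to do this or whether I made a mistake in my pom.xml, because I find it inelegant to import a large chunk of a framework and then disable everything in it.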

【Question comments】:

    Tags: java spring spring-boot spring-security csrf


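    【Solution 1】:

    It looks like Spring Security is enabled in your application, and you probably have the Spring Security jar on your build path. You can either exclude the Spring Security jar from the build path, or try the Config class below and see if it works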

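    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @Configuration
    public class SecurityConfig extends WebSecurityConfigurerAdapter {

        // Turns off CSRF protection and lets every request through without authentication
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.csrf().disable().authorizeRequests().anyRequest().permitAll();
        }

    }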
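
The POM in the question declares `spring-boot-starter-webflux`, and on the reactive stack Spring Security is configured through a `SecurityWebFilterChain` bean rather than `WebSecurityConfigurerAdapter`. The following is an added example, not part of the original answer: it assumes `spring-boot-starter-security` is on the classpath, and the class name `ReactiveSecurityConfig` is hypothetical.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;

// Hypothetical class name; reactive counterpart of the servlet-stack SecurityConfig above.
@Configuration
@EnableWebFluxSecurity
public class ReactiveSecurityConfig {

    @Bean
    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
        return http
                // With Spring Security present, CSRF protection is on by default and
                // rejects POST/PUT/PATCH/DELETE requests without a valid token (HTTP 403).
                // Disabling it is appropriate only when clients do not authenticate
                // through browser cookies (for example a token-authenticated API).
                .csrf(csrf -> csrf.disable())
                // Mirrors the answer's permitAll(); replace with real authorization
                // rules for any endpoint that must not be public.
                .authorizeExchange(exchanges -> exchanges.anyExchange().permitAll())
                .build();
    }
}
```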

    【Comments】:
