spring-boot - 当我提交 jsf 表单时,应用程序显示 403 错误页面。为什么这个?
问题描述
我使用Joinfaces和primefaces使用 JSF 编写 Spring Boot 应用程序。我写了注册表并进行了测试。当我使用 POST 方法发送表单时,应用程序给我一个 403 错误。我怎么解决这个问题?
我的注册页面的 JSF 模板:
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:p="http://primefaces.org/ui">
<f:view>
<h:head>
<link type="text/css" rel="stylesheet" href="/css/mystyle.css"></link>
</h:head>
<h:body>
<h2>
<h:outputText value="{msg.translate('male')}"/>
</h2>
<div class="container">
<div class="card">
<div class="card-header">
<div class="card-header-title">
<div><img width="100" height="50" src="it-it/assets/images/l1.svg"> </img></div>
<p>Crea il tuo account Firenet</p>
</div>
</div>
<div class="card-content">
<h:form >
<div class="inputs-row-container">
<span class="ui-float-label group-first-item">
<p:inputText id="firstname" value="" style="width: 100%" required="true"/>
<p:message for="firstname" />
<p:outputLabel for="@previous" value="{msg.translate('signup-form.input.firstname.label')}"/>
</span>
<span class="ui-float-label">
<p:inputText value="" style="width: 100%"/>
<p:outputLabel for="@previous" value="{msg.translate('signup-form.input.lastname.label')}"/>
</span>
</div>
<span class="ui-float-label group-item">
<p:inputText id="emailInput" value="#{registrationStepOne.email}" style="width: 100%" ></p:inputText>
<p:outputLabel for="@previous" value="{msg.translate('signup-form.input.email.label')}"/>
</span>
<h:message for="emailInput" style="color: red"/>
<div class="inputs-row-container">
<span class="ui-float-label group-first-item">
<p:inputText value="" style="width: 100%" required="true"/>
<p:outputLabel for="@previous" value="{msg.translate('signup-form.input.password.label')}"/>
</span>
<span class="ui-float-label">
<p:inputText value="" style="width: 100%"/>
<p:outputLabel for="@previous" value="{msg.translate('signup-form.input.repeatpassword.label')}"/>
</span>
</div>
<p:commandButton action="/registration/secondstep.xhtml" value="Register" />
</h:form>
</div>
</div>
</div>
</h:body>
</f:view>
</html>
我的 JSF 页面的 Java 代码:
import org.apache.commons.validator.routines.EmailValidator;
import org.ocpsoft.rewrite.annotation.Join;
import org.ocpsoft.rewrite.el.ELBeanName;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;
import javax.faces.application.FacesMessage;
import javax.faces.component.UIComponent;
import javax.faces.context.FacesContext;
import javax.faces.validator.ValidatorException;
import java.io.Serializable;
@Scope("session")
@Component(value = "registrationStepOne")
@ELBeanName(value="registrationStepOne")
@Join(path = "/signup/v1/webcreateaccount", to = "/registration/firststep.xhtml")
public class RegistrationStepOne implements Serializable {
private String email;
public RegistrationStepOne() {
// FacesContext.getCurrentInstance().getViewRoot().setLocale(new Locale("it", "IT"));
}
public String save() {
return "/registration/secondstep.xhtml";
}
// Validate Email
public void validateEmail(FacesContext context, UIComponent toValidate, Object value) throws ValidatorException {
String emailStr = (String) value;
if (!EmailValidator.getInstance(false).isValid(emailStr)) {
FacesMessage message = new FacesMessage(new ResourceBundleBean().translate("signup-form.input.email.errors.email"));
throw new ValidatorException(message);
}
}
public String getEmail() {
return email;
}
public void setEmail(String email) {
this.email = email;
}
}
Spring Boot 发布请求日志
: Current WebApplicationContext is not available for processing of AnnotationConfigurationProvider: Make sure this class gets constructed in a Spring web application. Proceeding without injection.
2019-09-07 11:25:40.618 DEBUG 20204 --- [0.1-8083-exec-7] o.s.w.c.s.SpringBeanAutowiringSupport : Current WebApplicationContext is not available for processing of ClassLoaderConfigurationProvider: Make sure this class gets constructed in a Spring web application. Proceeding without injection.
2019-09-07 11:25:40.618 DEBUG 20204 --- [0.1-8083-exec-7] o.s.w.c.s.SpringBeanAutowiringSupport : Current WebApplicationContext is not available for processing of ContextSpecifiedConfigurationProvider: Make sure this class gets constructed in a Spring web application. Proceeding without injection.
2019-09-07 11:25:40.619 DEBUG 20204 --- [0.1-8083-exec-7] o.s.w.c.s.SpringBeanAutowiringSupport : Current WebApplicationContext is not available for processing of DefaultXMLConfigurationProvider: Make sure this class gets constructed in a Spring web application. Proceeding without injection.
2019-09-07 11:25:40.622 DEBUG 20204 --- [0.1-8083-exec-7] o.s.w.c.s.SpringBeanAutowiringSupport : Current WebApplicationContext is not available for processing of SpringBootBeanNameResolver: Make sure this class gets constructed in a Spring web application. Proceeding without injection.
2019-09-07 11:25:40.623 DEBUG 20204 --- [0.1-8083-exec-7] o.s.w.c.s.SpringBeanAutowiringSupport : Current WebApplicationContext is not available for processing of DefaultBeanNameResolver: Make sure this class gets constructed in a Spring web application. Proceeding without injection.
2019-09-07 11:25:40.624 DEBUG 20204 --- [0.1-8083-exec-7] o.s.w.c.s.SpringBeanAutowiringSupport : Current WebApplicationContext is not available for processing of FacesBeanNameResolver: Make sure this class gets constructed in a Spring web application. Proceeding without injection.
2019-09-07 11:25:40.624 DEBUG 20204 --- [0.1-8083-exec-7] o.s.w.c.s.SpringBeanAutowiringSupport : Current WebApplicationContext is not available for processing of SpringBeanNameResolver: Make sure this class gets constructed in a Spring web application. Proceeding without injection.
2019-09-07 11:25:40.635 WARN 20204 --- [0.1-8083-exec-7] unknown.jul.logger : Cannot find classes folder: /WEB-INF/classes/
2019-09-07 11:25:40.644 DEBUG 20204 --- [0.1-8083-exec-7] o.s.w.c.s.SpringBeanAutowiringSupport : Current WebApplicationContext is not available for processing of WebXmlServletRegistrationProvider: Make sure this class gets constructed in a Spring web application. Proceeding without injection.
2019-09-07 11:25:40.644 DEBUG 20204 --- [0.1-8083-exec-7] o.s.w.c.s.SpringBeanAutowiringSupport : Current WebApplicationContext is not available for processing of Servlet3ServletRegistrationProvider: Make sure this class gets constructed in a Spring web application. Proceeding without injection.
2019-09-07 11:25:40.655 DEBUG 20204 --- [0.1-8083-exec-7] o.s.w.c.s.SpringBeanAutowiringSupport : Current WebApplicationContext is not available for processing of ContextParamsPostProcessor: Make sure this class gets constructed in a Spring web application. Proceeding without injection.
2019-09-07 11:25:40.658 DEBUG 20204 --- [0.1-8083-exec-7] o.s.web.servlet.DispatcherServlet : "ERROR" dispatch for POST "/error", parameters={masked}
解决方案
该错误可能是由于Spring CSRF protection造成的。
如果您在 application.properties ( logging.level.org.springframework.security: debug
) 中为 Spring 安全性启用调试日志记录,那么您将看到类似
2019-12-24 15:56:33,951 [99] DEBUG o.s.security.web.csrf.CsrfFilter:doFilterInternal 127 - Invalid CSRF token found for <JSF page>
由于 JSF 已经有一个内置的 CSRF 保护(2 , 3),您可以通过配置禁用 Spring 自己的 CSRF 保护:
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
}
}
另见4。
推荐阅读
- javascript - 单击复选框后,我在反应应用程序中的复选框未更改状态
- python - 尝试在二维数组中使用 .append() 添加列时如何修复 ValueError?
- javascript - 当我键入 ?leaderboard 时,控制台中会弹出此错误,但命令会完美执行吗?
- javascript - 将值从 JavaScript 变量传递给 php
- python - 可以在一行 Python 代码中使用求和和乘积符号吗?
- typescript - React Native 中 scrollXAnimated 的 Typescript 类型是什么?
- sql - 如何使用 ST_Distance 获取 POSTGIS 附近的位置
- corda - 我如何在医院杀死流量?
- elasticsearch - 用于弹性云配置的 Elasticsearch 分片大小和 JVM 内存
- java - Fragment 中的按钮声明导致空 Android