最近使用springboot、security、druid做个项目的时候,登录druid监控页面时,刚开始集成完成后可以正常登陆,在项目做完后登录的时候发现无法登陆,输入用户名和密码admin,admin,点击sign in,怎么点都没反应,使用浏览器F12查看控制台信息,发现点击sign in时候,打印如下错误 

springboot2.0.4集成druid和security解决CSRF开启问题_第1张图片

解决方法
https://blog.csdn.net/juan0728juan/article/details/79624676


@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/").permitAll()
                .antMatchers("/hello").hasRole("USER").and()
                //.csrf().disable() //关闭CSRF
                .csrf().requireCsrfProtectionMatcher(new RequestMatcher() {
            //放行这几种请求
            private Pattern allowedMethods = Pattern.compile("^(GET|HEAD|TRACE|OPTIONS)$");
            //放行rest请求,当然后面rest与web将会分开,到时这里可以删除
            private RegexRequestMatcher unprotectedMatcher = new RegexRequestMatcher("^/rest/.*", null);

            @Override
            public boolean matches(HttpServletRequest request) {
                if(allowedMethods.matcher(request.getMethod()).matches()){
                    return false;
                }

                String servletPath = request.getServletPath();
                if (servletPath.contains("/druid")) {
                    return false;
                }
                return !unprotectedMatcher.matches(request);
            }
        }).and()
                .formLogin().loginPage("/login").defaultSuccessUrl("/hello").and()
                .logout().logoutUrl("/logout").logoutSuccessUrl("/login");
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
                .inMemoryAuthentication()
                .withUser("user").password("password").roles("USER");
    }
}