提问人:Oskar 提问时间:10/11/2023 最后编辑:PangOskar 更新时间:10/12/2023 访问量:80
在 WebSecurity Spring Boot 3.1.4 中找不到预期的 CSRF 令牌错误
An expected CSRF token cannot be found error in WebSecurity Spring Boot 3.1.4
问:
我收到错误:“找不到预期的 CSRF 令牌”,当使用 Postman 测试以在我的应用程序中注册用户时。计划是注册一个用户并确认电子邮件地址。尽管在测试应用程序时它会运行,尽管在测试端点时,它会在 Postman 中抛出 An expected CSRF token cannot be found 错误。
当 WebSecurityConfig 的代码中添加了 .csrf().disable() 时,问题也仍然存在。
在 Postman 的正文中发送的请求
'localhost:8090/api/v1/注册
{ “firstName”: “阿里”, “姓氏”: “阿里”, “电子邮件”: “Nileru[email protected]”, “password”: “密码” }`
你能告诉我为什么我会遇到这样的错误吗?
以下是课程:
注册控制器
@RestController
@RequestMapping(path = "/api/v1/registration")
public class RegistrationController {
private final RegistrationService registrationService;
@Autowired
public RegistrationController(RegistrationService registrationService) {
this.registrationService = registrationService;
}
@PostMapping
public String register(@RequestBody RegistrationRequest request) {
return registrationService.register(request);
}
@GetMapping(path = "confirm")
public String confirm(@RequestParam("token") String token) {
return registrationService.confirmToken(token);
}
}
注册服务
@Service
public class RegistrationService {
private final AppUserService appUserService;
private final EmailValidator emailValidator;
private final ConfirmationTokenService confirmTokenService;
private final EmailSender emailSender;
public RegistrationService(AppUserService appUserService, EmailValidator emailValidator, ConfirmationTokenService confirmTokenService, EmailSender emailSender) {
this.appUserService = appUserService;
this.emailValidator = emailValidator;
this.confirmTokenService = confirmTokenService;
this.emailSender = emailSender;
}
public String register(RegistrationRequest request) {
boolean isValidEmail = emailValidator.test(request.getEmail());
if (isValidEmail) {
String tokenForNewUser = appUserService.signUpUser(new AppUser(request.getFirstName(),
request.getLastName(),
request.getEmail(),
request.getPassword(),
AppUserRole.USER));
//Since, we are running the spring boot application in localhost, we are hardcoding the
//url of the server. We are creating a POST request with token param
String link = "http://localhost:8090/api/v1/registration/confirm?token=" + tokenForNewUser;
emailSender.sendEmail(request.getEmail(), buildEmail(request.getFirstName(), link));
return tokenForNewUser;
} else {
throw new IllegalStateException(String.format("Email %s, not valid", request.getEmail()));
}
}
@Transactional
public String confirmToken(String token) {
ConfirmationToken confirmationToken = confirmTokenService
.getToken(token)
.orElseThrow(() ->
new IllegalStateException("Token Not Found"));
if (confirmationToken.getConfirmedAt() != null) {
throw new IllegalStateException("Email Already Confirmed");
}
LocalDateTime expiredAt = confirmationToken.getExpiresAt();
if (expiredAt.isBefore(LocalDateTime.now())) {
throw new IllegalStateException("token expired");
}
confirmTokenService.setConfirmedAt(token);
appUserService.enableAppUser(
confirmationToken.getAppUser().getEmail());
return "confirmed";
}
private String buildEmail(String name, String link) {
return "<div style=\"font-family:Helvetica,Arial,sans-serif;font-size:16px;margin:0;color:#0b0c0c\">\n" +
"\n" +
"<span style=\"display:none;font-size:1px;color:#fff;max-height:0\"></span>\n" +
"\n" +
" <table role=\"presentation\" width=\"100%\" style=\"border-collapse:collapse;min-width:100%;width:100%!important\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\">\n" +
" <tbody><tr>\n" +
" <td width=\"100%\" height=\"53\" bgcolor=\"#0b0c0c\">\n" +
" \n" +
" <table role=\"presentation\" width=\"100%\" style=\"border-collapse:collapse;max-width:580px\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" align=\"center\">\n" +
" <tbody><tr>\n" +
" <td width=\"70\" bgcolor=\"#0b0c0c\" valign=\"middle\">\n" +
" <table role=\"presentation\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" style=\"border-collapse:collapse\">\n" +
" <tbody><tr>\n" +
" <td style=\"padding-left:10px\">\n" +
" \n" +
" </td>\n" +
" <td style=\"font-size:28px;line-height:1.315789474;Margin-top:4px;padding-left:10px\">\n" +
" <span style=\"font-family:Helvetica,Arial,sans-serif;font-weight:700;color:#ffffff;text-decoration:none;vertical-align:top;display:inline-block\">Confirm your email</span>\n" +
" </td>\n" +
" </tr>\n" +
" </tbody></table>\n" +
" </a>\n" +
" </td>\n" +
" </tr>\n" +
" </tbody></table>\n" +
" \n" +
" </td>\n" +
" </tr>\n" +
" </tbody></table>\n" +
" <table role=\"presentation\" class=\"m_-6186904992287805515content\" align=\"center\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" style=\"border-collapse:collapse;max-width:580px;width:100%!important\" width=\"100%\">\n" +
" <tbody><tr>\n" +
" <td width=\"10\" height=\"10\" valign=\"middle\"></td>\n" +
" <td>\n" +
" \n" +
" <table role=\"presentation\" width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" style=\"border-collapse:collapse\">\n" +
" <tbody><tr>\n" +
" <td bgcolor=\"#1D70B8\" width=\"100%\" height=\"10\"></td>\n" +
" </tr>\n" +
" </tbody></table>\n" +
" \n" +
" </td>\n" +
" <td width=\"10\" valign=\"middle\" height=\"10\"></td>\n" +
" </tr>\n" +
" </tbody></table>\n" +
"\n" +
"\n" +
"\n" +
" <table role=\"presentation\" class=\"m_-6186904992287805515content\" align=\"center\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" style=\"border-collapse:collapse;max-width:580px;width:100%!important\" width=\"100%\">\n" +
" <tbody><tr>\n" +
" <td height=\"30\"><br></td>\n" +
" </tr>\n" +
" <tr>\n" +
" <td width=\"10\" valign=\"middle\"><br></td>\n" +
" <td style=\"font-family:Helvetica,Arial,sans-serif;font-size:19px;line-height:1.315789474;max-width:560px\">\n" +
" \n" +
" <p style=\"Margin:0 0 20px 0;font-size:19px;line-height:25px;color:#0b0c0c\">Hi " + name + ",</p><p style=\"Margin:0 0 20px 0;font-size:19px;line-height:25px;color:#0b0c0c\"> Thank you for registering. Please click on the below link to activate your account: </p><blockquote style=\"Margin:0 0 20px 0;border-left:10px solid #b1b4b6;padding:15px 0 0.1px 15px;font-size:19px;line-height:25px\"><p style=\"Margin:0 0 20px 0;font-size:19px;line-height:25px;color:#0b0c0c\"> <a href=\"" + link + "\">Activate Now</a> </p></blockquote>\n Link will expire in 15 minutes. <p>See you soon</p>" +
" \n" +
" </td>\n" +
" <td width=\"10\" valign=\"middle\"><br></td>\n" +
" </tr>\n" +
" <tr>\n" +
" <td height=\"30\"><br></td>\n" +
" </tr>\n" +
" </tbody></table><div class=\"yj6qo\"></div><div class=\"adL\">\n" +
"\n" +
"</div></div>";
}
}
WebSecurityConfig
@Configuration
@AllArgsConstructor
@EnableWebSecurity
public class WebSecurityConfig {
private final AppUserService appUserService;
private final BCryptPasswordEncoder bCryptPasswordEncoder;
@Bean
protected SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
httpSecurity
.authenticationProvider(daoAuthenticationProvider())
.authorizeHttpRequests().requestMatchers("/api/v*/registration/**")
.permitAll()
.anyRequest()
.authenticated().and()
.formLogin();
return httpSecurity.build();
}
@Bean
protected AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
return authenticationConfiguration.getAuthenticationManager();
}
@Bean
public DaoAuthenticationProvider daoAuthenticationProvider() {
DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
provider.setPasswordEncoder(bCryptPasswordEncoder);
provider.setUserDetailsService(appUserService);
return provider;
}
}
确认令牌
@Getter
@Setter
@Entity
@AllArgsConstructor
public class ConfirmationToken {
@Id
@GeneratedValue (strategy = GenerationType.IDENTITY)
private Long id;
@Column(nullable = false)
private String token;
@Column(nullable = false)
private LocalDateTime createdAt;
@Column(nullable = false)
private LocalDateTime expiresAt;
private LocalDateTime confirmedAt;
@ManyToOne
@JoinColumn(nullable = false,
name = "app_user_id")
private AppUser appUser;
public ConfirmationToken() {
}
public ConfirmationToken(String token, LocalDateTime createdAt, LocalDateTime expiresAt, AppUser appUser) {
this.token = token;
this.createdAt = createdAt;
this.expiresAt = expiresAt;
this.appUser = appUser;
}
}
已经检查了 pom.xml 文件似乎与依赖项正常 已检查 application.yaml 在当前设置中,我不得不在 yaml 中使用 allow-bean-definition-overrideing: true。
答: 暂无答案
评论