Experts, I'd like to ask a Spring Security question.
getAjax("../menu/loadmenu", "", function (data) {
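This gets intercepted, because this URL is not stored in the database.
If I configure <security:http pattern="/main/*" security="none"/> in the XML,
it becomes accessible, but then the controller can no longer get the currently logged-in user's information.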
大家讲道理 2017-04-18 09:05:49
Are you worried about how to make Ajax requests in Spring Security? General Ajax requests are forbidden in Spring Security because the CSRF token is null when requesting. The official documentation provides a solution; refer to the official document http://docs.spring.io/spring-security/site/docs/3.2.0.CI-SNAPSHOT/reference/html/csrf.html
The specific method is
1. Add the following code in the head tag of the jsp page:
<meta name="_csrf" content="${_csrf.token}"/>
<!-- default header name is X-CSRF-TOKEN -->
<meta name="_csrf_header" content="${_csrf.headerName}"/>
2. Add the following code before the ajax request:
var token = $("meta[name='_csrf']").attr("content");
var header = $("meta[name='_csrf_header']").attr("content");
$(document).ajaxSend(function(e, xhr, options) {
    xhr.setRequestHeader(header, token);
});
This way you can use ajax requests normally.
Please refer to my blog http://jeesun.github.io/2016/03/27/Spring-Security%E5%A4%84%E7%90%86Ajax%E8%AF%B7%E6%B1%82/
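
A variant of the answer's `ajaxSend` hook, as an added example that is not part of the original post. It goes beyond the answer by attaching the token only to same-origin requests whose method Spring Security's CSRF protection checks by default, so the token is never sent to another origin. The function names `csrfHeadersFor` and `installCsrfHeader` are hypothetical.

```javascript
// Added example, not from the original post. csrfHeadersFor and
// installCsrfHeader are hypothetical names chosen for illustration.

// Methods for which Spring Security's CSRF filter requires no token by default.
const SAFE_METHODS = new Set(["GET", "HEAD", "TRACE", "OPTIONS"]);

// Decide which CSRF header (if any) a request should carry.
// meta = { token, header } as read from the two <meta> tags in the page head.
function csrfHeadersFor(method, url, pageUrl, meta) {
  if (!meta || !meta.token || !meta.header) return {};
  if (SAFE_METHODS.has(String(method || "GET").toUpperCase())) return {};
  let target;
  try {
    // Resolves relative URLs such as "../menu/loadmenu" against the page URL.
    target = new URL(url, pageUrl);
  } catch (e) {
    return {}; // unparsable URL: do not attach the token
  }
  // Never hand the token to a different scheme, host or port.
  if (target.origin !== new URL(pageUrl).origin) return {};
  return { [meta.header]: meta.token };
}

// Browser wiring with jQuery, using the same ajaxSend hook as the answer.
function installCsrfHeader($, doc, loc) {
  const meta = {
    token: $("meta[name='_csrf']").attr("content"),
    header: $("meta[name='_csrf_header']").attr("content"),
  };
  $(doc).ajaxSend(function (e, xhr, options) {
    const headers = csrfHeadersFor(options.type, options.url, loc.href, meta);
    Object.keys(headers).forEach(function (name) {
      xhr.setRequestHeader(name, headers[name]);
    });
  });
}

// Install only when running in a page that has jQuery loaded.
if (typeof jQuery !== "undefined" && typeof document !== "undefined") {
  installCsrfHeader(jQuery, document, window.location);
}
```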