[我使用Joinfaces和primefaces用JSF编写Spring引导应用程序。我写了注册表并测试了它。当我使用POST方法发送表单时,应用程序向我发送403错误。我该如何解决这个问题?
我的注册页面的JSF模板:
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:p="http://primefaces.org/ui">
<f:view>
<h:head>
<link type="text/css" rel="stylesheet" href="/css/mystyle.css"></link>
</h:head>
<h:body>
<h2>
<h:outputText value="{msg.translate('male')}"/>
</h2>
<div class="container">
<div class="card">
<div class="card-header">
<div class="card-header-title">
<div><img width="100" height="50" src="it-it/assets/images/l1.svg"> </img></div>
<p>Crea il tuo account Firenet</p>
</div>
</div>
<div class="card-content">
<h:form >
<div class="inputs-row-container">
<span class="ui-float-label group-first-item">
<p:inputText id="firstname" value="" style="width: 100%" required="true"/>
<p:message for="firstname" />
<p:outputLabel for="@previous" value="{msg.translate('signup-form.input.firstname.label')}"/>
</span>
<span class="ui-float-label">
<p:inputText value="" style="width: 100%"/>
<p:outputLabel for="@previous" value="{msg.translate('signup-form.input.lastname.label')}"/>
</span>
</div>
<span class="ui-float-label group-item">
<p:inputText id="emailInput" value="#{registrationStepOne.email}" style="width: 100%" ></p:inputText>
<p:outputLabel for="@previous" value="{msg.translate('signup-form.input.email.label')}"/>
</span>
<h:message for="emailInput" style="color: red"/>
<div class="inputs-row-container">
<span class="ui-float-label group-first-item">
<p:inputText value="" style="width: 100%" required="true"/>
<p:outputLabel for="@previous" value="{msg.translate('signup-form.input.password.label')}"/>
</span>
<span class="ui-float-label">
<p:inputText value="" style="width: 100%"/>
<p:outputLabel for="@previous" value="{msg.translate('signup-form.input.repeatpassword.label')}"/>
</span>
</div>
<p:commandButton action="/registration/secondstep.xhtml" value="Register" />
</h:form>
</div>
</div>
</div>
</h:body>
</f:view>
</html>
我的JSF页面的Java代码:
import org.apache.commons.validator.routines.EmailValidator;
import org.ocpsoft.rewrite.annotation.Join;
import org.ocpsoft.rewrite.el.ELBeanName;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;
import javax.faces.application.FacesMessage;
import javax.faces.component.UIComponent;
import javax.faces.context.FacesContext;
import javax.faces.validator.ValidatorException;
import java.io.Serializable;
@Scope("session")
@Component(value = "registrationStepOne")
@ELBeanName(value="registrationStepOne")
@Join(path = "/signup/v1/webcreateaccount", to = "/registration/firststep.xhtml")
public class RegistrationStepOne implements Serializable {
private String email;
public RegistrationStepOne() {
// FacesContext.getCurrentInstance().getViewRoot().setLocale(new Locale("it", "IT"));
}
public String save() {
return "/registration/secondstep.xhtml";
}
// Validate Email
public void validateEmail(FacesContext context, UIComponent toValidate, Object value) throws ValidatorException {
String emailStr = (String) value;
if (!EmailValidator.getInstance(false).isValid(emailStr)) {
FacesMessage message = new FacesMessage(new ResourceBundleBean().translate("signup-form.input.email.errors.email"));
throw new ValidatorException(message);
}
}
public String getEmail() {
return email;
}
public void setEmail(String email) {
this.email = email;
}
}
Spring Boot发布请求日志
: Current WebApplicationContext is not available for processing of AnnotationConfigurationProvider: Make sure this class gets constructed in a Spring web application. Proceeding without injection.
2019-09-07 11:25:40.618 DEBUG 20204 --- [0.1-8083-exec-7] o.s.w.c.s.SpringBeanAutowiringSupport : Current WebApplicationContext is not available for processing of ClassLoaderConfigurationProvider: Make sure this class gets constructed in a Spring web application. Proceeding without injection.
2019-09-07 11:25:40.618 DEBUG 20204 --- [0.1-8083-exec-7] o.s.w.c.s.SpringBeanAutowiringSupport : Current WebApplicationContext is not available for processing of ContextSpecifiedConfigurationProvider: Make sure this class gets constructed in a Spring web application. Proceeding without injection.
2019-09-07 11:25:40.619 DEBUG 20204 --- [0.1-8083-exec-7] o.s.w.c.s.SpringBeanAutowiringSupport : Current WebApplicationContext is not available for processing of DefaultXMLConfigurationProvider: Make sure this class gets constructed in a Spring web application. Proceeding without injection.
2019-09-07 11:25:40.622 DEBUG 20204 --- [0.1-8083-exec-7] o.s.w.c.s.SpringBeanAutowiringSupport : Current WebApplicationContext is not available for processing of SpringBootBeanNameResolver: Make sure this class gets constructed in a Spring web application. Proceeding without injection.
2019-09-07 11:25:40.623 DEBUG 20204 --- [0.1-8083-exec-7] o.s.w.c.s.SpringBeanAutowiringSupport : Current WebApplicationContext is not available for processing of DefaultBeanNameResolver: Make sure this class gets constructed in a Spring web application. Proceeding without injection.
2019-09-07 11:25:40.624 DEBUG 20204 --- [0.1-8083-exec-7] o.s.w.c.s.SpringBeanAutowiringSupport : Current WebApplicationContext is not available for processing of FacesBeanNameResolver: Make sure this class gets constructed in a Spring web application. Proceeding without injection.
2019-09-07 11:25:40.624 DEBUG 20204 --- [0.1-8083-exec-7] o.s.w.c.s.SpringBeanAutowiringSupport : Current WebApplicationContext is not available for processing of SpringBeanNameResolver: Make sure this class gets constructed in a Spring web application. Proceeding without injection.
2019-09-07 11:25:40.635 WARN 20204 --- [0.1-8083-exec-7] unknown.jul.logger : Cannot find classes folder: /WEB-INF/classes/
2019-09-07 11:25:40.644 DEBUG 20204 --- [0.1-8083-exec-7] o.s.w.c.s.SpringBeanAutowiringSupport : Current WebApplicationContext is not available for processing of WebXmlServletRegistrationProvider: Make sure this class gets constructed in a Spring web application. Proceeding without injection.
2019-09-07 11:25:40.644 DEBUG 20204 --- [0.1-8083-exec-7] o.s.w.c.s.SpringBeanAutowiringSupport : Current WebApplicationContext is not available for processing of Servlet3ServletRegistrationProvider: Make sure this class gets constructed in a Spring web application. Proceeding without injection.
2019-09-07 11:25:40.655 DEBUG 20204 --- [0.1-8083-exec-7] o.s.w.c.s.SpringBeanAutowiringSupport : Current WebApplicationContext is not available for processing of ContextParamsPostProcessor: Make sure this class gets constructed in a Spring web application. Proceeding without injection.
2019-09-07 11:25:40.658 DEBUG 20204 --- [0.1-8083-exec-7] o.s.web.servlet.DispatcherServlet : "ERROR" dispatch for POST "/error", parameters={masked}
该错误可能是由于Spring CSRF protection造成的。
如果在application.properties中为Spring安全性启用调试日志记录(logging.level.org.springframework.security: debug)那么您将看到类似
019-12-24 15:56:33,951 [99] DEBUG o.s.security.web.csrf.CsrfFilter:doFilterInternal 127 - Invalid CSRF token found for <JSF page>
由于JSF已经具有内置的CSRF保护(2,3),因此您可以通过配置禁用Spring自身的CSRF保护:
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
}
}
另请参见4。