From 0691229e1efd11238d41612c7222b9d54d776b63 Mon Sep 17 00:00:00 2001
From: wanglufei <2686221966@qq.com>
Date: Mon, 11 Apr 2022 16:48:54 +0800
Subject: [PATCH] =?UTF-8?q?SpringSecurity=E4=B8=AD=E7=9A=84CSRF=E5=9C=A8?=
 =?UTF-8?q?=E5=B7=A5=E4=BD=9C=E4=B8=AD=E7=9A=84=E4=BD=BF=E7=94=A8=E6=96=B9?=
 =?UTF-8?q?=E5=BC=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../java/com/uin/config/SpringSecurityConfig.java    |  5 +++--
 .../java/com/uin/controller/LoginController.java     | 12 ++++++++++++
 src/main/resources/templates/login.html              |  4 ++--
 3 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/src/main/java/com/uin/config/SpringSecurityConfig.java b/src/main/java/com/uin/config/SpringSecurityConfig.java
index 5e7e3bd..d8f0476 100644
--- a/src/main/java/com/uin/config/SpringSecurityConfig.java
+++ b/src/main/java/com/uin/config/SpringSecurityConfig.java
@@ -54,7 +54,8 @@ protected void configure(HttpSecurity http) throws Exception {
                 .passwordParameter("pwd")
 
                 //2. 必须和表单的提交是一样的
-                .loginProcessingUrl("/login")
+                //.loginProcessingUrl("/login")
+                .loginProcessingUrl("/showLogin")
                 //自定义登陆页面
                 .loginPage("/login.html")
 
@@ -131,7 +132,7 @@ protected void configure(HttpSecurity http) throws Exception {
 
 
         //关闭防火墙
-        http.csrf().disable();
+        //http.csrf().disable();
 
 
         //自定义403 权限异常
diff --git a/src/main/java/com/uin/controller/LoginController.java b/src/main/java/com/uin/controller/LoginController.java
index 9167671..6ab6f69 100644
--- a/src/main/java/com/uin/controller/LoginController.java
+++ b/src/main/java/com/uin/controller/LoginController.java
@@ -90,4 +90,16 @@ public String toError() {
     public String demo() {
         return "demo";
     }
+
+    /**
+     * CSRF的页面跳转
+     *
+     * @return java.lang.String
+     * @author wanglufei
+     * @date 2022/4/11 4:35 PM
+     */
+    @RequestMapping("showLogin")
+    public String showLogin() {
+        return "login";
+    }
 }
diff --git a/src/main/resources/templates/login.html b/src/main/resources/templates/login.html
index 2c5ff41..46aea1b 100644
--- a/src/main/resources/templates/login.html
+++ b/src/main/resources/templates/login.html
@@ -1,7 +1,6 @@
 <!DOCTYPE html>
 <html lang="en" xmlns="http://www.w3.org/1999/xhtml"
-      xmlns:th="http://www.thymeleaf.org"
-      xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity5 ">
+      xmlns:th="http://www.thymeleaf.org">
 <head>
     <meta charset="UTF-8">
     <title>login</title>
@@ -9,6 +8,7 @@
 <body>
 
 <form action="/login" method="post">
+    <input type="hidden" th:value="${_csrf.token}" name="_csrf" th:if="${_csrf}">
     用户名：<input type="text" name="username" placeholder="请输入用户名">
     用户名：<input type="text" name="username" placeholder="请输入用户名">