
I am trying to call the REST API to create a cart using /api/v1/cart with the POST method. I have tried with and without a customer ID, but I still get the error. Is there some configuration for this? Any help would be great. Below is the stack trace from the Jetty server.

HTTP ERROR 500

Problem accessing /api/v1/cart. Reason:

    XSRF token mismatch (null). Session may have expired.

Caused by:

org.broadleafcommerce.common.exception.ServiceException: XSRF token mismatch (null). Session may have expired.
    at org.broadleafcommerce.common.security.service.ExploitProtectionServiceImpl.compareToken(ExploitProtectionServiceImpl.java:122)
    at org.broadleafcommerce.common.security.handler.CsrfFilter.doFilter(CsrfFilter.java:79)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
    at org.springframework.security.web.

--

Thanks, Sneha


1 Answer


Make sure that in your site's web.xml, applicationContext-rest-api.xml is included in the patchConfigLocations list above applicationContext-security.xml. applicationContext-rest-api.xml excludes blCsrfFilter from all paths starting with /api/:

<!-- Set up Spring security for the RESTful API -->
<sec:http pattern="/api/**" create-session="stateless">
    <sec:http-basic />
    <sec:custom-filter ref="blRestPreSecurityFilterChain" before="CHANNEL_FILTER"/>
    <sec:custom-filter ref="blRestCustomerStateFilter" after="REMEMBER_ME_FILTER"/>
    <sec:custom-filter ref="blRestPostSecurityFilterChain" after="SWITCH_USER_FILTER"/>
</sec:http>

If you do not have that section, Spring Security puts blCsrfFilter into the security filter chain, which is required for the site but should be excluded for the REST API. From applicationContext-security.xml:

<sec:http auto-config="false" authentication-manager-ref="blAuthenticationManager" disable-url-rewriting="true">
    <!-- We handle session fixation protection ourselves  -->
    <sec:session-management session-fixation-protection="none" />

    <!-- .................................. -->
    <!-- Other configuration excluded -->
    <!-- .................................. -->

    <!-- Specify our custom filters -->
    <sec:custom-filter ref="blPreSecurityFilterChain" before="CHANNEL_FILTER"/>
    <sec:custom-filter ref="blCsrfFilter" before="FORM_LOGIN_FILTER"/>
    <sec:custom-filter ref="blSessionFixationProtectionFilter" before="SESSION_MANAGEMENT_FILTER"/>
    <sec:custom-filter ref="blPostSecurityFilterChain" after="SWITCH_USER_FILTER"/>
</sec:http>
answered 2014-06-27T10:05:23.687
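Added example, not code from the question or the answer: Spring Security selects the first `<sec:http>` block whose pattern matches the request, so a pattern-less block declared earlier captures /api/** traffic before the stateless block is ever consulted. The script below simulates that first-match rule over two constructed stand-ins for the context files and reports whether a POST to /api/v1/cart would pass through blCsrfFilter; the file contents and the simplified Ant-style matcher are assumptions.

```python
import fnmatch
import xml.etree.ElementTree as ET

SEC_URI = "http://www.springframework.org/schema/security"
SEC = "{" + SEC_URI + "}"

# Constructed stand-ins for the two context files quoted in the answer,
# trimmed to the elements that matter for chain selection.
REST_API_XML = """<beans xmlns:sec="%s">
  <sec:http pattern="/api/**" create-session="stateless">
    <sec:http-basic/>
  </sec:http>
</beans>""" % SEC_URI
SECURITY_XML = """<beans xmlns:sec="%s">
  <sec:http auto-config="false">
    <sec:custom-filter ref="blCsrfFilter" before="FORM_LOGIN_FILTER"/>
  </sec:http>
</beans>""" % SEC_URI
CONTEXT_FILES = {"applicationContext-rest-api.xml": REST_API_XML,
                 "applicationContext-security.xml": SECURITY_XML}

def http_chains(load_order):
    """Yield (pattern, custom-filter refs) for every <sec:http> block, in the
    order the context files are listed (web.xml's patchConfigLocation order)."""
    for name in load_order:
        root = ET.fromstring(CONTEXT_FILES[name])
        for http in root.iter(SEC + "http"):
            refs = {cf.get("ref") for cf in http.iter(SEC + "custom-filter")}
            # A block with no pattern is the catch-all for every request.
            yield http.get("pattern", "/**"), refs

def ant_match(pattern, path):
    """Simplified Ant-style match: '*' and '**' both span path segments here."""
    return fnmatch.fnmatchcase(path, pattern.replace("**", "*"))

def csrf_filter_applies(path, load_order):
    """True if the first chain matching `path` wires blCsrfFilter, i.e. the
    request is rejected with 'XSRF token mismatch' unless it carries a token."""
    for pattern, refs in http_chains(load_order):
        if ant_match(pattern, path):
            return "blCsrfFilter" in refs
    return False

if __name__ == "__main__":
    wrong = ["applicationContext-security.xml", "applicationContext-rest-api.xml"]
    right = ["applicationContext-rest-api.xml", "applicationContext-security.xml"]
    print("security.xml first:", csrf_filter_applies("/api/v1/cart", wrong))  # True
    print("rest-api.xml first:", csrf_filter_applies("/api/v1/cart", right))  # False
```

Running it with the two orders shows why the listing order in web.xml decides whether the stateless /api/** chain, or the CSRF-protected site chain, handles the cart request.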