spring-security-csrf

# adapa-security

### 1. Introduction

**adapa-security**是基于spring-security实现的安全验证组件。

### 2. QuickStart
#### pom.xml

```xml

<dependency>
    <groupId>com.adapa.security</groupId>
    <artifactId>adapa-security</artifactId>
    <version>1.1.3</version>
</dependency>

```

### 3. adapa-security 配置项清单

```yaml

```

#### 3.1 说明

##### 3.1.1 启用 security 
adapa-security 目前主要是用于实现 CSRF安全验证，其它用户身份验证相关功能暂未实现，使用时需关闭其它验证功能，只开启CSRF验证，配置如下：

```
http.cors()
        .and()
        .authorizeRequests()
        .anyRequest()
        .permitAll()
        //.accessDecisionManager(null)
        .and()
        .formLogin()
        .permitAll()
        .and()
        .logout()
        .permitAll()
        .and()
        .csrf()
        //.disable() //关闭CSRF
        .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())

```

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <parent>
        <artifactId>adapa</artifactId>
        <groupId>com.adapa.security</groupId>
        <version>1.1.6.2-SNAPSHOT</version>
        <relativePath>../pom.xml</relativePath>
    </parent>
    <modelVersion>4.0.0</modelVersion>
    <groupId>com.adapa.security</groupId>
    <artifactId>adapa-security</artifactId>
    <version>${adapa.version}</version>

    <dependencies>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>

        <dependency>
            <groupId>com.google.guava</groupId>
            <artifactId>guava</artifactId>
        </dependency>

        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
            <scope>compile</scope>
            <exclusions>
                <exclusion>
                    <groupId>org.springframework.boot</groupId>
                    <artifactId>spring-boot-starter-logging</artifactId>
                </exclusion>
                <exclusion>
                    <artifactId>jackson-databind</artifactId>
                    <groupId>com.fasterxml.jackson.core</groupId>
                </exclusion>
                <exclusion>
                    <groupId>javax.annotation</groupId>
                    <artifactId>javax.annotation-api</artifactId>
                </exclusion>
                <exclusion>
                    <groupId>com.fasterxml.jackson.core</groupId>
                    <artifactId>jackson-core</artifactId>
                </exclusion>
                <exclusion>
                    <groupId>com.fasterxml.jackson.core</groupId>
                    <artifactId>jackson-annotations</artifactId>
                </exclusion>
            </exclusions>
        </dependency>

    </dependencies>

</project>