Spring boot、Spring Security和Druid集成后，因csrf校验开启，不能登录http://localhost:8086/druid/login.html的解决办法

最新推荐文章于 2025-09-25 11:09:52 发布

原创最新推荐文章于 2025-09-25 11:09:52 发布 · 5.8k 阅读

1 ·

CC 4.0 BY-SA版权

文章标签：

#spring boot #spring security #druid

本文介绍在SpringBoot项目中集成SpringSecurity和Druid后，如何解决因默认开启的csrf校验导致无法正常访问Druid监控页面的问题。通过配置SpringSecurity忽略Druid路径的csrf校验，实现对数据库连接池的监控。

Spring boot、Spring Security和Druid集成后，druid部分配置如下

spring:
  datasource:
    druid:
      stat-view-servlet.enabled: true
      stat-view-servlet.url-pattern: /druid/*

因为默认开启csrf校验校验，所以进入http://localhost:8086/druid/login.html后，输入用户名和密码，点击登录没有反应。

解决办法如下

package cn.hybris.configkeeper.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;


/**
 * @author adminx
 *
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter
{
	@Override
	protected void configure(final HttpSecurity http) throws Exception
	{
		http.csrf().ignoringAntMatchers("/druid/*");
	}
}