spring security 'X-Frame-Options' to 'deny'.

springboot 2.1.3 RELEASE

引入security

<dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>

html使用了 frameset 标签，在请求页面的时候就会报错，类似

'X-Frame-Options' to 'deny'.

解决办法

在  WebSecurityConfigurerAdapter 的继承实现类里面覆盖  configure(HttpSecurity http)

@Override
    protected void configure(HttpSecurity http) throws Exception {
        http.headers().frameOptions().disable().// 解决页面框架不能获取子页面
                and().
                csrf().disable().authorizeRequests()
                .antMatchers("/login","/regist","/user/regist")
                .permitAll()
                .anyRequest()
                .authenticated()
                .and()
                .formLogin()
                .loginProcessingUrl("/user/login")
                .permitAll()
                .successHandler((httpServletRequest, httpServletResponse, authentication) -> {
                    System.out.println("登陆成功处理==============");
                    //跳转到首页
                    httpServletResponse.sendRedirect("/main");
                })
                .failureHandler((httpServletRequest, httpServletResponse, e) -> {
                    System.out.println("登陆失败处理=============");
                    //返回到登陆页面
                    httpServletResponse.sendRedirect("/login");
                })
                .and()
                //登出
                .logout()
                .logoutSuccessHandler(((httpServletRequest, httpServletResponse, authentication) -> {
                    System.out.println("登出成功处理=============");
                    httpServletResponse.sendRedirect("/login");
                }));
//                .and()
//                .exceptionHandling()
//                .authenticationEntryPoint(((httpServletRequest, httpServletResponse, e) -> {
//                    //应该回到当前页面，并且状态不变
//                }));
    }

有注释  // 解决页面框架不能获取子页面     那里就是解决的代码了，网上都没有加上.add()，不完整。